Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)
2022-04-15 11:30

Three days have passed since Microsoft's latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential.

CVE-2022-26809 is a remote code execution vulnerability in Microsoft Remote Procedure Call runtime and affects a wide variety of Windows and Windows Server versions.

Follow Microsoft's guidelines to secure SMB traffic.

This mention of SMB is probably what triggered some initial nervousness among security defenders, as it revived bad memories of the global WannaCry outbreak, which used the EternalBlue exploit to take advantage of vulnerabilities in Microsoft Windows SMB Server.

CVE-2022-26809 has nothing to do with SMB; it's an RPC vuln where a variety of transports can be used, like TCP/135, SMB/445, etc.

"You can't 'turn off' RPC on Windows if you are wondering. It will break stuff. RPC does more than SMB. For example, you can't move icons on the desktop if you disable RPC," he explained, and noted that exploitation detection may be hard.


News URL

https://www.helpnetsecurity.com/2022/04/15/cve-2022-26809/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-26809 | Unspecified vulnerability in Microsoft products: Remote Procedure Call Runtime Remote Code Execution Vulnerability (network, low complexity, microsoft) | critical 9.8 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Microsoft | | 480 | 75 | 2308 | 5127 | 264 | 7774 |