Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)

2022-04-15 11:30

Three days have passed since Microsoft's latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential.

CVE-2022-26809 is a remote code execution vulnerability in Microsoft Remote Procedure Call runtime and affects a wide variety of Windows and Windows Server versions.

Follow Microsoft's guidelines to secure SMB traffic.

This mention of SMB is probably what triggered some initial nervousness with security defenders, as it resurfaced bad memories related to the global WannaCry outbreak, which used the EternalBlue exploit to take advantage of vulnerabilities in Microsoft Windows SMB Server.

CVE-2022-26809 has nothing to do with SMB, it's an RPC vuln where a variety of transports can be used, like TCP/135, SMB/445, etc.

"You can't 'turn off' RPC on Windows if you are wondering. It will break stuff. RPC does more than SMB. For example, you can't move icons on the desktop if you disable RPC," he explained, and noted that exploitation detection may be hard.

News URL

https://www.helpnetsecurity.com/2022/04/15/cve-2022-26809/

#critical #exploit #microsoft #patch #POC #CVE-2022-26809

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-15	CVE-2022-26809	Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Remote Code Execution Vulnerability microsoft	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		394	52	1467	2974	184	4677

News URL

Related news

Related Vulnerability

Related vendor