5th December 2022

RPC Vulnerability Used with Microsoft SMB – CVE-2022-26809

Microsoft has reported an update for a vulnerability targeting Windows hosts running RPC (Remote Process Call Runtime) used with SMB. This vulnerability has been identified that could allow remote code execution (RCE) over a network without requiring authentication. Hosts running SMB have been found to be vulnerable to this attack. SMB port (445) is the most used and thus the most likely target of an attack. Microsoft’s guide to securing SMB traffic (https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-secure-traffic) should be followed.

CVE-2022-26809
CVE-2022-26809

 

Affected Systems

Windows systems.

Solution and CVE/CWE

CVE/CWE: CVE-2022-26809

TCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network firewall helps protect systems behind this firewall from attempts to exploit this vulnerability. Additionally, updates found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809 must be performed. It was also emphasized that they should limit lateral movement by allowing TCP port 445 only on machines where it is needed (domain controllers, printers, file servers, etc.).

Note: Those with a CVSS 3.1 score of 7.0-8.9 out of 10 are considered “high”, and those with 9.0-10.0 are considered “critical” vulnerabilities.

REFERENCE

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26809

 

LEARN MORE  What is Test-NetConnection Command and How to Use It?

Leave a Reply

Your email address will not be published. Required fields are marked *