29th March 2024

RPC Vulnerability Used with Microsoft SMB – CVE-2022-26809

Microsoft has reported an update for a vulnerability targeting Windows hosts running RPC (Remote Process Call Runtime) used with SMB. This vulnerability has been identified that could allow remote code execution (RCE) over a network without requiring authentication. Hosts running SMB have been found to be vulnerable to this attack. SMB port (445) is the most used and thus the most likely target of an attack. Microsoft’s guide to securing SMB traffic (https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-secure-traffic) should be followed.

CVE-2022-26809
CVE-2022-26809

 

Affected Systems

Windows systems.

Solution and CVE/CWE

CVE/CWE: CVE-2022-26809

TCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network firewall helps protect systems behind this firewall from attempts to exploit this vulnerability. Additionally, updates found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809 must be performed. It was also emphasized that they should limit lateral movement by allowing TCP port 445 only on machines where it is needed (domain controllers, printers, file servers, etc.).

Note: Those with a CVSS 3.1 score of 7.0-8.9 out of 10 are considered “high”, and those with 9.0-10.0 are considered “critical” vulnerabilities.

REFERENCE

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26809

 

LEARN MORE  Adding and Monitoring Devices to Cacti Software - Windows Server 2019

Leave a Reply

Your email address will not be published. Required fields are marked *