23rd July 2024

RPC Vulnerability Used with Microsoft SMB – CVE-2022-26809

Microsoft has reported an update for a vulnerability targeting Windows hosts running RPC (Remote Process Call Runtime) used with SMB. This vulnerability has been identified that could allow remote code execution (RCE) over a network without requiring authentication. Hosts running SMB have been found to be vulnerable to this attack. SMB port (445) is the most used and thus the most likely target of an attack. Microsoft’s guide to securing SMB traffic (https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-secure-traffic) should be followed.



Affected Systems

Windows systems.

Solution and CVE/CWE

CVE/CWE: CVE-2022-26809

TCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network firewall helps protect systems behind this firewall from attempts to exploit this vulnerability. Additionally, updates found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809 must be performed. It was also emphasized that they should limit lateral movement by allowing TCP port 445 only on machines where it is needed (domain controllers, printers, file servers, etc.).

Note: Those with a CVSS 3.1 score of 7.0-8.9 out of 10 are considered “high”, and those with 9.0-10.0 are considered “critical” vulnerabilities.




LEARN MORE  Adobe Flash Player Is Officially Dead

Leave a Reply

Your email address will not be published. Required fields are marked *