Critical bug in Windows RPC: April Patch Day information

Experts warn about the vulnerabilities that Microsoft fixed on patch day. An update is strongly recommended, as the vulnerabilities can be exploited with little effort and without user intervention. Unauthorized persons can execute arbitrary code on their victim systems. An important addition to April Patch Day: The security update includes the fix for vulnerability CVE-2022-26809.

This is a vulnerability in Microsoft Remote Procedure Call (RPC) that is classified as critical and can be a very easy gateway for malicious code under certain circumstances. Security researchers have noted with concern this new Windows RPC vulnerability, as it could lead to widespread serious cyber-attacks once an exploit is developed. Cybercrime infographic: email remains the biggest security risk

Full administrative access is possible

When the vulnerability is exploited, all commands will be executed at the same privilege level as the RPC server, which in many cases has elevated privileges or general system privileges, allowing full administrative access to the exploited device. After Microsoft released security updates, security researchers quickly realized that this flaw could be exploited in widespread attacks, similar to the 2017 Wannacry attacks that exploited the Eternal Blue vulnerability. This wave of attacks kept the sector in a stranglehold for months.

The good news is that a specific RPC configuration may be required to be vulnerable, but that’s being analyzed in more detail. Will Dormann, a vulnerability analyst at CERT/CC, previously warned that all administrators should block port 445 at the network perimeter to prevent vulnerable servers from being exposed to the Internet. Blocking port 445 protects devices not only from external threat actors but also from potential network worms that could exploit the vulnerability. However, until security updates are installed, devices remain internally vulnerable to threats that compromise a network.