Critical Vulnerability Alert
During Microsoft’s most recent ‘Patch Tuesday’ announcement, its team shared information about the need to immediately patch a highly critical vulnerability, CVE-2022-26809. The issue exists within Microsoft’s Remote Procedure Call (RPC) communication protocol and has received a vulnerability score of 9.8/10 by the Common Vulnerability Scoring System (CVSS). RPC is a widely utilized operating system (OS) that dates to and remains active on Windows 7 and Server 2008 to the most current OSs.
CVE-2022-26809 is a remote code execution (RCE) vulnerability, which is particularly dangerous as its exploitation provides threat actors the opportunity to deploy any malicious code, including ransomware, within the system and its connected environments. An additional worrisome aspect of this vulnerability is that it is exploitable without human interaction and capable of spreading automatically. The extensive use of these vulnerable systems could lead to major disruptions if not patched immediately.
The first recommendation is to spread awareness of this critical vulnerability to all IT teams and clients who use RPC communication protocols. From there, it is necessary to quickly apply the Microsoft-issued security patch to all impacted systems to remediate the flaw. More specifically, block the perimeter firewall ports 135, 139, 445, and 593 to limit the total attack surface available to threat actors due to the CVE-2022-26809 vulnerability.
When a software vulnerability is publicized, threat actors will attempt to exploit it for profit, notoriety, or out of sheer malice before updates or patches are completed. At SpearTip, our certified engineers specialize in handling data breaches with one of the fastest response times in the industry. We continuously monitor companies’ data network infrastructure at our 24/7/365 Security Operations Centers for malicious activity, including unauthorized access through port vulnerabilities, such as with CVE-2022-26809. Our ShadowSpear Platform is an unparalleled resource that integrates with cloud, network, and endpoint devices to enhance the cyber posture of any company and provides optimal visibility in preventing future cyber threats.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.