At first glance, Microsoft’s monthly scheduled update for April of 2022 seemed routine, including patch fixes for 128 vulnerabilities. However, one particular vulnerability among this set of 128 is far from routine, and could be used by hackers to cause devastating harm in and around OT environments.
This vulnerability, CVE-2022-26809, exists in the Remote Procedure Call (RPC) Runtime Library used by Windows 7, Windows 11, and the related versions of Windows Server, and rates whopping 9.8 out of 10 or “critical” on the CVSS scale. Most concerningly, this vulnerability could allow attackers to set off worms and other malware via remote code execution (RCE) at a high level of privilege. The affected library, RPC, is a part of Microsoft’s Server Message Block (SMB) functionality, where it’s used for file transfer and inter-process communication (IPC). Programs commonly use RPC to request a service from another program located on the network.
To prevent this vulnerability from affecting operations, Microsoft recommends configuring firewall rules to block the static port (TCP port 445).
TXOne Networks Protection Recommendations
1230935 RPC Microsoft Windows RPC Runtime Remote Code Execution 2006 (CVE-2022-26809)
1230936 RPC Microsoft Windows RPC Runtime Remote Code Execution (CVE-2022-26809)
Look up other rules or learn more about these rules by searching them on our Threat Encyclopedia.
