Microsoft’s April Patch Tuesday brings several vulnerability fixes, including one for CVE-2022-26809, a critical remote code execution vulnerability in the Windows Remote Procedure Call Runtime library that impacts all supported Windows products. The vulnerability is raising concerns among security researchers because of its potential for widespread exploitation. Organizations therefore need to apply the Windows security updates as soon as possible. This article discusses how to fix CVE-2022-26809, a critical RCE vulnerability in the Windows RPC Runtime.
Microsoft Remote Procedure Call (RPC) is a robust technology for creating distributed client/server programs. The RPC run-time libraries and stubs manage most of the processes related to network protocols and communication, which lets you focus on application details rather than network details.
CVE-2022-26809 is a vulnerability in the Remote Procedure Call Runtime. An unauthenticated remote attacker could exploit it by sending a specially crafted RPC call to an RPC host. Successful exploitation could result in remote code execution on the server side with similar permissions as the RPC service.
Microsoft assesses that CVE-2022-26809 has a low attack complexity and needs no privileges and no user interaction. These properties could make the vulnerability wormable. However, Microsoft had not confirmed this at the time of publication.
| Field | Value |
|---|---|
| Associated CVE ID | CVE-2022-26809 |
| Description | A Critical RCE Vulnerability in Windows RPC Runtime |
| Associated ZDI ID | – |
| CVSS Score | 9.8 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | None |
| User Interaction (UI) | None |
| Scope (S) | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (A) | High |
The following platforms are affected by CVE-2022-26809.
Microsoft Windows Server
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server version 20H2 (Server Core installation)
Windows Server 2019 (Server Core Installation)
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based System Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based System Service Pack 1
Windows Server 2008 for x64-based System Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based System Service Pack 2
Windows Server 2008 for 32-bit System Service Pack 2 (Server Core Installation)
Windows Server 2008
Windows Server 2008 R2 for 32-bit System Service Pack 2
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Although RPC leverages various security mechanisms and controls, the following mitigations, based on Microsoft’s official advisories, are recommended.
Apply the latest security updates to mitigate these vulnerabilities.
RPC is required for services used by the system. It is recommended to block traffic to TCP port 445 for devices outside the enterprise perimeter.
Limit lateral movement by allowing incoming TCP port 445 only on machines where it is required, such as print servers, domain controllers, and file servers.
Affected organizations should check the Microsoft April 2022 Security Update Summary and apply the relevant patches.
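The TCP port 445 restrictions above can be checked on a Windows host with the built-in NetSecurity firewall cmdlets. The following is an added example, not part of the original article or Microsoft's advisory; the function names and `$AllowedSources` are hypothetical, and the subnet is a constructed value to replace with your own.

```powershell
# Added example: read-only audit of inbound allow rules that cover TCP 445.
# $AllowedSources is a constructed value; replace it with your own client subnets.
$AllowedSources = @('10.0.10.0/24')

function Test-PortCovers445 {
    param([string[]]$LocalPort)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq '445') { return $true }
        # Port ranges are reported as "low-high"
        if ($p -match '^(\d+)-(\d+)$' -and [int]$Matches[1] -le 445 -and [int]$Matches[2] -ge 445) {
            return $true
        }
    }
    return $false
}

function Get-Smb445Exposure {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        # Only rules that can match TCP traffic to local port 445 are relevant
        if ($port.Protocol -notin @('TCP', 'Any')) { return }
        if (-not (Test-PortCovers445 -LocalPort $port.LocalPort)) { return }

        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $rule.Name
            DisplayName   = $rule.DisplayName
            Profile       = $rule.Profile
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
            # True when the rule accepts connections from every source address
            OpenToAny     = @($addr.RemoteAddress) -contains 'Any'
        }
    }
}

$exposure = Get-Smb445Exposure
$exposure | Sort-Object OpenToAny -Descending | Format-Table -AutoSize

# On a host that must accept port 445 (file server, print server, domain controller),
# scope the open rules to known sources. -WhatIf previews the change; remove it to apply.
$exposure | Where-Object OpenToAny | ForEach-Object {
    Set-NetFirewallRule -Name $_.Name -RemoteAddress $AllowedSources -WhatIf
}
```

On hosts that do not need to accept port 445 at all, disabling the listed rules is the stricter option. Rules delivered through Group Policy are not in the default policy store that `Get-NetFirewallRule` queries, so review those separately.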
We hope this post helps you understand how to fix CVE-2022-26809, a critical RCE vulnerability in the Windows RPC Runtime.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.