How to Fix CVE-2022-26809: A Critical RCE Vulnerability in Windows RPC Runtime

Microsoft’s April Patch Tuesday brings several vulnerability fixes, including one for CVE-2022-26809, a critical remote code execution vulnerability in the Windows Remote Procedure Call Runtime library that impacts all supported Windows products. The vulnerability is raising concerns among security researchers because of its potential for widespread impact. Organizations therefore need to apply the Windows security updates as soon as possible. This article discusses how to fix CVE-2022-26809, a critical RCE vulnerability in the Windows RPC Runtime.

What Is Windows RPC Runtime?

Microsoft Remote Procedure Call (RPC) is a robust technology for creating distributed client/server programs. The RPC run-time libraries and stubs manage most of the processes related to network protocols and communication, which lets you focus on application details rather than network details.

Summary Of CVE-2022-26809

CVE-2022-26809 is a vulnerability in the Remote Procedure Call Runtime. An unauthenticated remote attacker could exploit it by sending a specially crafted RPC call to an RPC host. Successful exploitation could result in remote code execution on the server side with permissions similar to those of the RPC service.

Microsoft assesses that CVE-2022-26809 has low attack complexity and requires no privileges and no user interaction. These characteristics could make the vulnerability wormable; however, Microsoft had not confirmed this at the time of publication.

  • Associated CVE ID: CVE-2022-26809
  • Description: A Critical RCE Vulnerability in Windows RPC Runtime
  • Associated ZDI ID:
  • CVSS Score: 9.8 Critical
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Impact Score:
  • Exploitability Score:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privilege Required (PR): None
  • User Interaction (UI): None
  • Scope: Unchanged
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High

Windows Products Vulnerable To CVE-2022-26809

The following platforms are affected by CVE-2022-26809.

Microsoft Windows Server

  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows Server version 20H2 (Server Core installation)
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64-based System Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based System Service Pack 1
  • Windows Server 2008 for x64-based System Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based System Service Pack 2
  • Windows Server 2008 for 32-bit System Service Pack 2 (Server Core installation)
  • Windows Server 2008
  • Windows Server 2008 R2 for 32-bit System Service Pack 2 

Microsoft Windows

  • Windows 11 for ARM64-based Systems
  • Windows 11 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows RT 8.1
  • Windows 8.1 for x64-based systems
  • Windows 8.1 for 32-bit systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1

How To Fix CVE-2022-26809: A Critical RCE Vulnerability In Windows RPC Runtime?

Although RPC leverages various security mechanisms and controls, the following mitigations, based on Microsoft’s official advisories, are recommended.

  1. Apply the latest security updates to mitigate these vulnerabilities.
  2. RPC is required for devices used by the system. It is recommended to block traffic to TCP port 445 coming from outside the enterprise perimeter.
  3. Limit lateral movement by allowing incoming TCP port 445 only on machines where it is required, such as print servers, domain controllers, file servers, etc.
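
One way to check step 3 on a single Windows host, as an added example that is not from the original article or from Microsoft: the PowerShell below lists the enabled inbound allow rules that cover TCP 445, flags those open to any remote address, and previews scoping them. The `$AllowedSources` subnet and the `Test-CoversPort445` helper are assumptions made for illustration.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
# $AllowedSources is a constructed placeholder; replace it with your own subnets.
$AllowedSources = @('10.0.10.0/24')

# Hypothetical helper: does a firewall LocalPort value (single port, list,
# range such as '400-500', or 'Any') include port 445?
function Test-CoversPort445 {
    param([string[]]$LocalPort)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq '445') { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and
            [int]$Matches[1] -le 445 -and [int]$Matches[2] -ge 445) { return $true }
    }
    return $false
}

# Is anything on this host actually listening on TCP 445?
$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort 445 -ErrorAction SilentlyContinue)
Write-Output "TCP 445 listening: $listening"

# Enabled inbound Allow rules whose port filter covers TCP 445.
$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -notin 'TCP', '6', 'Any') { continue }
    if (-not (Test-CoversPort445 -LocalPort $port.LocalPort)) { continue }
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Profile       = $rule.Profile
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $remote -join ','
        Unscoped      = ($remote -contains 'Any')   # reachable from any source
    }
}
$findings | Format-Table -AutoSize

# Preview restricting each unscoped rule to the allowed sources.
# -WhatIf only prints the change; remove it to apply after review.
# Rules with LocalPort 'Any' cover more than 445, so review those first.
foreach ($f in $findings | Where-Object Unscoped) {
    Set-NetFirewallRule -Name $f.Name -RemoteAddress $AllowedSources -WhatIf
}
```

Servers that legitimately serve SMB to the whole organization, such as domain controllers and file servers, need a wider `$AllowedSources` than workstations, which usually need no inbound 445 at all.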

Affected organizations are required to check the Microsoft April 2022 Security Update Summary and apply relevant patches. Get more details about CVE-2022-26809 here.

We hope this post helps you understand how to fix CVE-2022-26809, a critical RCE vulnerability in the Windows RPC Runtime.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me, follow me on LinkedIn.
