April 18, 2022

How To Fix CVE-2022-26809: A Critical RCE Vulnerability In Windows RPC Runtime



Microsoft’s April Patch Tuesday brings several vulnerability fixes, including one for CVE-2022-26809, a critical remote code execution vulnerability in the Windows Remote Procedure Call Runtime library that impacts all supported Windows products. The vulnerability is raising concerns among security researchers because of how widely it could be exploited, so organizations need to apply the Windows security updates as soon as possible. This article discusses how to fix CVE-2022-26809, a critical RCE vulnerability in Windows RPC Runtime.

What Is Windows RPC Runtime?

Microsoft Remote Procedure Call (RPC) is a robust technology for creating distributed client/server programs. The RPC run-time libraries and stubs manage most of the processes related to network protocols and communication, which lets you focus on the details of the application rather than the details of the network.

Summary Of CVE-2022-26809

CVE-2022-26809 is a vulnerability in the Remote Procedure Call Runtime. An unauthenticated remote attacker could exploit it by sending a specially crafted RPC call to an RPC host. Successful exploitation could result in remote code execution on the server side with permissions similar to those of the RPC service.

Microsoft assesses that CVE-2022-26809 has a low attack complexity and needs no privileges and no user interaction. These properties could make the vulnerability wormable. However, Microsoft had not confirmed this at the time of publication.

Associated CVE ID: CVE-2022-26809
Description: A Critical RCE Vulnerability in Windows RPC Runtime
Associated ZDI ID:
CVSS Score: 9.8 Critical
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score:
Exploitability Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilege Required (PR): None
User Interaction (UI): None
Scope: Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Windows Products Vulnerable To CVE-2022-26809

The following platforms are affected by CVE-2022-26809.

Microsoft Windows Server

  • Windows Server 2022 (Server Core installation)

  • Windows Server 2022

  • Windows Server version 20H2 (Server Core installation)

  • Windows Server 2019 (Server Core Installation)

  • Windows Server 2016 (Server Core installation)

  • Windows Server 2016

  • Windows Server 2012 R2 (Server Core installation)

  • Windows Server 2012 R2

  • Windows Server 2012 (Server Core installation)

  • Windows Server 2012

  • Windows Server 2008 R2 for x64-based System Service Pack 1 (Server Core installation)

  • Windows Server 2008 R2 for x64-based System Service Pack 1

  • Windows Server 2008 for x64-based System Service Pack 2 (Server Core installation)

  • Windows Server 2008 for x64-based System Service Pack 2

  • Windows Server 2008 for 32-bit System Service Pack 2 (Server Core Installation)

  • Windows Server 2008

  • Windows Server 2008 R2 for 32-bit System Service Pack 2 

Microsoft Windows

  • Windows 11 for ARM64-based Systems

  • Windows 11 for x64-based Systems

  • Windows 10 Version 21H2 for ARM64-based Systems

  • Windows 10 Version 21H2 for 32-bit Systems

  • Windows 10 Version 21H2 for x64-based Systems

  • Windows 10 Version 21H1 for ARM64-based Systems

  • Windows 10 Version 21H1 for 32-bit Systems

  • Windows 10 Version 21H1 for x64-based Systems

  • Windows 10 Version 20H2 for ARM64-based Systems

  • Windows 10 Version 20H2 for 32-bit Systems

  • Windows 10 Version 20H2 for x64-based Systems

  • Windows 10 Version 1909 for ARM64-based Systems

  • Windows 10 Version 1909 for x64-based Systems

  • Windows 10 Version 1909 for 32-bit Systems

  • Windows 10 Version 1809 for ARM64-based Systems

  • Windows 10 Version 1809 for x64-based Systems

  • Windows 10 Version 1809 for 32-bit Systems

  • Windows 10 Version 1607 for x64-based Systems

  • Windows 10 Version 1607 for 32-bit Systems

  • Windows 10 for x64-based Systems

  • Windows 10 for 32-bit Systems

  • Windows RT 8.1

  • Windows 8.1 for x64-based systems

  • Windows 8.1 for 32-bit systems

  • Windows 7 for x64-based Systems Service Pack 1

  • Windows 7 for 32-bit Systems Service Pack 1

How To Fix CVE-2022-26809: A Critical RCE Vulnerability In Windows RPC Runtime?

Although RPC leverages various security mechanisms and controls, the following mitigations, based on Microsoft’s official advisories, are recommended.

  1. Apply the latest security updates to mitigate this vulnerability.

  2. RPC is required for devices used by the system. It is recommended to block traffic to TCP port 445 for devices outside the enterprise perimeter.

  3. Limit lateral movement by allowing incoming TCP port 445 only on machines where it is required, such as print servers, domain controllers, file servers, etc.
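
The three mitigations above can be checked on a single host with a short PowerShell audit. This is an added example, not code from the original article or from Microsoft; the KB id is a placeholder to be taken from the update summary for the host's OS build, and the allowed subnet is a constructed value.

```powershell
# Added example: report patch state and inbound TCP 445 exposure for this host.
param(
    [string]$KbId = 'KB0000000',                    # placeholder: KB for this OS build
    [string[]]$AllowedSources = @('10.0.10.0/24'),  # constructed: clients that need port 445 here
    [switch]$Apply                                  # report only unless -Apply is given
)

# Step 1: is the security update present?
$patched = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

# Is anything listening on TCP 445 at all?
$listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

# Steps 2-3: enabled inbound allow rules that name TCP 445 (port ranges are not expanded)
$exposed = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -ne 'TCP' -or $port.LocalPort -notcontains '445') { continue }
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $addr.RemoteAddress -join ','
        Unscoped      = $addr.RemoteAddress -contains 'Any'   # reachable from any source
    }
}

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Patched       = $patched
    Listening445  = $listening
    UnscopedRules = @($exposed | Where-Object Unscoped).Count
} | Format-List | Out-Host
$exposed | Format-Table DisplayName, Profile, RemoteAddress, Unscoped -AutoSize | Out-Host

# Optional remediation: restrict each unscoped rule to the sources that need it
if ($Apply) {
    $exposed | Where-Object Unscoped | ForEach-Object {
        Set-NetFirewallRule -Name $_.Name -RemoteAddress $AllowedSources
    }
}
```

Changing a rule's scope needs an elevated session, and rules delivered by Group Policy have to be scoped in the GPO rather than on the host.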

Affected organizations are required to check the Microsoft April 2022 Security Update Summary and apply relevant patches. Get more details about CVE-2022-26809 here.

We hope this post helps you understand how to fix CVE-2022-26809, a critical RCE vulnerability in Windows RPC Runtime. Please share this post and help to secure the digital world. Visit our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
