One Article Review
| Source |  Fortinet ThreatSignal |
|---|---|
| Identifiant | 4458092 |
| Date de publication | 2022-04-15 10:35:40 (vue: 2022-04-15 18:05:29) |
| Titre | Microsoft Released Advisory on a Critical Remote Code Execution Vulnerability in RPC (CVE-2022-26809) |
| Texte | FortiGuard Labs is aware that Microsoft released a patch and advisory for a critical remote code execution vulnerability in Remote Procedure Call Runtime Library as part of the April Patch Tuesday. Assigned CVE-2022-26809 and a CVSS score of 9.8, successfully exploiting the vulnerability allows an attacker to execute remote code with high privileges on a vulnerable system, leading to a full compromise.Why is this Significant?This is significant because CVE-2022-26809 is rated by Microsoft as "critical" and "Exploitation More Likely" because of its impacts on all supported Windows products and due to the trivial nature of the vulnerability. Because of the potential impact that the vulnerability has, Microsoft released security updates for Windows 7, which reached end-of-life in January 2020. Also, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory urging users and administrators to apply the patch or apply the recommended mitigations.What is CVE-2022-26809?CVE-2022-26809 is a critical remote code execution vulnerability in Remote Procedure Call Runtime Library. The Microsoft advisory states "To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service," which allows the attacker to take control of an affected system.Is CVE-2022-26809 being Exploited in the Wild?At the time of this writing, the vulnerability is not reported nor observed to have been exploited in the wild.Has Microsoft Released a Patch for CVE-2022-26809?Yes, Microsoft released a patch on April 12th, 2022 as part of the April MS Tuesday. Due to the potential impact the vulnerability has, Microsoft also released security updates for Windows 7, which is no longer supported.What is the Status of Coverage?FortiGuard Labs has released the following IPS signature in version 20.297:MS.Windows.RPC.CVE-2022-26809.Remote.Code.Execution (default action is set to pass)What Mitigation Steps are Available?Microsoft has provided the following mitigation steps in the advisory:Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:1. Block TCP port 445 at the enterprise perimeter firewallTCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. This can help protect networks from attacks that originate outside the enterprise perimeter. Blocking the affected ports at the enterprise perimeter is the best defense to help avoid Internet-based attacks. However, systems could still be vulnerable to attacks from within their enterprise perimeter.2. Follow Microsoft guidelines to secure SMB trafficFor the Microsoft guidelines on how to secure SMB traffic, see the Appendix for a link to "Secure SMB Traffic in Windows Server". |
| Envoyé | Oui |
| Condensat | 12th 2020 2022 26809 297:ms 445 action administrators advisory advisory:mitigation affected agency all allows also appendix apply april are assigned attacker attacks attempts available avoid aware based because been behind being best block blocking call can cisa code common component compromise configuration connection control could coverage crafted critical cve cvss cybersecurity default defense due end enterprise execute execution existing exploit exploitation exploited exploiting factors firewall firewalltcp follow following fortiguard from full general guidelines has have help helpful high host how however impact impacts infrastructure initiate internet ips issued its january labs leading library life likely link longer may microsoft mitigating mitigation mitigations more nature need network networks nor not observed originate outside part pass patch perimeter permissions port ports potential practice privileges procedure products protect provided rated reached recommended reduce refers released remote reported result rpc runtime same score secure security see send server service set setting severity side signature significant situation:1 smb specially state states status steps successfully supported system systems take tcp time traffic trafficfor trivial tuesday updates urging used users version vulnerability vulnerable what which why wild will windows within would writing your |
| Tags | Vulnerability Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.