Technology

Critical bug in Windows RPC: April Patch Day information

Experts warn about the vulnerabilities that Microsoft fixed on patch day. An update is strongly recommended, as the vulnerabilities can be exploited with little effort and without user intervention. Unauthorized persons can execute arbitrary code on their victim systems. An important addition to April Patch Day: The security update includes the fix for vulnerability CVE-2022-26809.

This is a vulnerability in Microsoft Remote Procedure Call (RPC) that is classified as critical and can be a very easy gateway for malicious code under certain circumstances. Security researchers have noted with concern this new Windows RPC vulnerability, as it could lead to widespread serious cyber-attacks once an exploit is developed. Cybercrime infographic: email remains the biggest security risk

Full administrative access is possible

When the vulnerability is exploited, all commands will be executed at the same privilege level as the RPC server, which in many cases has elevated privileges or general system privileges, allowing full administrative access to the exploited device. After Microsoft released security updates, security researchers quickly realized that this flaw could be exploited in widespread attacks, similar to the 2017 Wannacry attacks that exploited the Eternal Blue vulnerability. This wave of attacks kept the sector in a stranglehold for months.

The good news is that a specific RPC configuration may be required to be vulnerable, but that’s being analyzed in more detail. Will Dormann, a vulnerability analyst at CERT/CC, previously warned that all administrators should block port 445 at the network perimeter to prevent vulnerable servers from being exposed to the Internet. Blocking port 445 protects devices not only from external threat actors but also from potential network worms that could exploit the vulnerability. However, until security updates are installed, devices remain internally vulnerable to threats that compromise a network.

Recent Posts

Google Health: A bug is currently really annoying Pixel Watch users

An annoying software error is currently plaguing many owners of the Google Pixel Watch. The…

1 hour ago

Pixel Watch 5: Leak shows the design of the new Google smartwatch in advance

After the new Google smartphones in the Pixel 11 series, official marketing images of the…

1 hour ago

Epson is in court: first lawsuit over planned obsolescence

A French consumer protection association is taking Epson to court. The accusation is of planned…

1 hour ago

EU brings Meta to its knees: ChatGPT is running again in WhatsApp chat

After a months-long exclusion by the Facebook group Meta, the well-known AI chatbot ChatGPT has…

1 hour ago

Good news for Windows 11: Microsoft is banning advertising from search

Microsoft is fundamentally redesigning the search in Windows 11. The operating system loses advertising, forced…

1 hour ago

iOS 27 public beta is here: Apple starts the test phase for all iPhone users

Interested users can now install the first public beta version of iOS 27 on their…

2 hours ago