Critical RPC vulnerability in Windows

CVE ID: CVE-2022-26809

CVSS Base Score: 9.8 / 10

A highly critical vulnerability with a severity score of 9.8 (out of a maximum of 10) has been discovered in Windows operating systems. Currently no exploit code is available, but this may change at any time.

The RPC vulnerability allows an attacker to compromise Windows operating systems over the Internet if their SMB (tcp/445) network port is accessible. This can lead to data manipulation or loss of control by the owner.

Our recommendation

It is to be expected that this vulnerability will be actively exploited by ransomware groups in the coming days, resulting in an increased threat. In order to close the known vulnerability, Microsoft has made an official patch available. We therefore strongly recommend updating all Windows operating systems (servers and clients) and ensuring that no SMB network ports are accessible via the Internet.

Bernhard Schildendorfer

April 14, 2022

Category

Security vulnerability

Might be also interesting

Feature

Whitelabeling

Whitelabeling allows you to customize the Security Audit Platform with your own look and feel. To complete the new feature, we have added another "treat": Read-only Access.

March 21, 2024

Guide

Everything about the NIS2 Directive

Find out everything you need to know about the NIS2 Directive in our article: When did it come into force, which organizations does it affect and what are the specific requirements?

March 8, 2024

Feature

Assessment of IT security

In this article, you will find out why we have introduced probability of occurrence as a new factor in vulnerability risk assessment, and how IT security assessment works in our Security Audit Platform.

February 28, 2024

Purpose	So that the user's cookie preferences can be taken into account, these are stored in the cookies.
Data	Accepted or rejected cookie categories
Originator	Lywand Software GmbH
Privacy Policy	lywand.com/datenschutzerklaerung

Purpose	This web analytics tool allows us to compile user statistics about your website activity and to best tailor our website to your interests.
Data	anonymized IP address, pseudonymized user identification, date and time of the request, amount of data transferred incl. message as to whether the request was successful, browser used, operating system used, website from which access was made.
Originator	Google Ireland Limited
Privacy Policy	https://policies.google.com/privacy

Purpose	Representation of the company's location using Google's map service.
Data	Date and time of visit, location information, IP address, URL, usage data, search terms, geographic location.
Originator	Google Ireland Limited
Privacy Policy	https://policies.google.com/privacy

Purpose	Convenient appointment scheduling via Calendly directly on the website.
Data	Appointment information, calendar information, information from third-party software providers, payment information, chatbot data, marketing information, log & device data, cookie data, usage data
Originator	Calendly LLC
Privacy Policy	calendly.com/privacy

Purpose	This data processing is performed by YouTube to ensure the functionality of the player.
Data	Device information, IP address, referrer URL, viewed videos
Originator	Google Ireland Limited
Privacy Policy	https://policies.google.com/privacy

Cookie Settings

Our recommendation

Might be also interesting

Whitelabeling

Everything about the NIS2 Directive

Assessment of IT security