Critical RPC vulnerability in Windows

CVE ID: CVE-2022-26809

CVSS Base Score: 9.8 / 10

A highly critical vulnerability with a severity score of 9.8 (out of a maximum of 10) has been discovered in Windows operating systems. Currently no exploit code is available, but this may change at any time.

The RPC vulnerability allows an attacker to compromise Windows operating systems over the Internet if their SMB (tcp/445) network port is accessible. This can lead to data manipulation or loss of control by the owner.

Our recommendation

It is to be expected that this vulnerability will be actively exploited by ransomware groups in the coming days, resulting in an increased threat. In order to close the known vulnerability, Microsoft has made an official patch available. We therefore strongly recommend updating all Windows operating systems (servers and clients) and ensuring that no SMB network ports are accessible via the Internet.

Bernhard Schildendorfer

April 14, 2022

Category

Security vulnerability

Might be also interesting

Managed Security Service Provider: Geschäftsmodell für die Zukunft.

Guide

MSSP: a future-proof business model

Numerous managed security service providers are currently emerging. But what makes this business model work, and what should you as a reseller, system house or MSP pay attention to when making the switch? You can learn all about it in the article.

September 1, 2022
Neue Distributionspartnerschaft mit Fokus MSP

Press announcement

Partnership with Fokus MSP

Since 20 July it is official: Fokus MSP is a further distribution partner! Together we want to simplify the consulting and procurement process for MSPs, IT service providers and system houses.

July 20, 2022
Neue kritische Sicherheitslücke in Confluence von Atlassian

Security vulnerability

Critical vulnerability in Atlassian Confluence

Atlassian published a security advisory for the vulnerability CVE-2022-26134, which is a critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center.

June 3, 2022