Microsoft recently released a large set of patches for its products in one of the latest Patch Tuesday updates. The patches fixed many vulnerabilities, but one of them is raising concerns among security researchers. A vulnerability in the Microsoft Remote Procedure Call (RPC) communication protocol, tracked as CVE-2022-26809, has the potential to become a target of cyberattacks.
Admin-level access
Almost all Windows versions from Windows 7, including Server editions, are affected by the bug.
The bug allows arbitrary commands to be executed with the same privileges as the Remote Procedure Call server. Since most RPC servers run with system-level privileges, successful exploitation would result in administrator-level access to the target system. While researchers have been looking for the root cause of the bug, Akamai researchers discovered a heap buffer overflow in rpcrt4.dll. Other researchers also stated that this DLL is used not only by Microsoft services but by other applications as well, which makes the vulnerability even more dangerous.
CERT/CC analyst Will Dormann has advised blocking port 445 to mitigate the risk. While this eliminates the remote exploitation risk, systems remain exposed to local threats and to attackers inside a compromised network.
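A host-level check for this mitigation, as an added example that is not from the article or the researchers it quotes: the function reports whether the local machine listens on TCP 445 and which enabled inbound allow rules cover that port, and adds a block rule only when asked. The function name, rule display name and default profile are assumptions.

```powershell
# Added example: the function name and rule display name are assumptions.
function Test-Tcp445Exposure {
    [CmdletBinding()]
    param(
        [switch]$Block,                       # add a block rule; needs an elevated session
        [string]$FirewallProfile = 'Public'   # e.g. 'Public' or 'Public,Private'
    )

    # True if a port spec ('445', '400-500', 'Any') covers TCP port 445.
    function Test-Covers445([string]$Spec) {
        if ($Spec -eq 'Any' -or $Spec -eq '445') { return $true }
        if ($Spec -match '^(\d+)-(\d+)$') {
            return ([int]$Matches[1] -le 445 -and [int]$Matches[2] -ge 445)
        }
        return $false   # keywords such as 'RPC' do not name port 445
    }

    # Is anything on this host listening on TCP 445?
    $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules whose port filter covers TCP 445.
    $allowRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            ($filter.Protocol -in 'TCP', 'Any') -and
                [bool]($filter.LocalPort | Where-Object { Test-Covers445 $_ })
        }

    $ruleName = 'Block inbound TCP 445 (CVE-2022-26809 mitigation)'
    if ($Block -and -not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        # A block rule takes precedence over the allow rules found above, so
        # inbound SMB file sharing stops working on the selected profile(s).
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile $FirewallProfile | Out-Null
    }

    [pscustomobject]@{
        Listening        = $listening
        AllowRules       = @($allowRules | Select-Object DisplayName, Profile)
        BlockRulePresent = [bool](Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)
    }
}

Test-Tcp445Exposure   # audit only; pass -Block to add the rule
```

Run it without `-Block` first to see which allow rules the block rule would override.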
The Microsoft Remote Procedure Call protocol is used for communication between processes across devices. The bug in this protocol has already been patched. However, users who delay or completely disable updates remain at risk. The flaw affects almost the entire Windows operating system line-up, including Windows 7, 32-bit versions, and Server editions.