Fresh questions have arisen about one of the remotely exploitable flaws in Microsoft’s products which was revealed during the company’s monthly Patch Tuesday announcement.
The questions revolve around whether the company’s initial advice for mitigating the vulnerability was sufficient.
The flaw in question, CVE-2022-26809, an RPC Runtime Library Remote Code Execution Vulnerability, was given a CVSS rating of 9.8 and required no user interaction to be exploited, meaning it was wormable.
1. Block TCP port 445 at the enterprise perimeter firewall
*However, systems could still be vulnerable to attacks from within their enterprise perimeter.*
— @notbind, April 13, 2022
Microsoft’s mitigation advice was to block TCP port 445 at the enterprise perimeter firewall. But the company added later that systems could still be vulnerable to attacks from within their enterprise perimeter.
Security researcher Marcus Hutchins said on Twitter: “With CVE-2022-26809, I’m not sure what’s required to reach the vulnerable code, but I’ve been able to reach the containing function over RPC (135) as well as SMB (445).
“So, unless the exploit condition is protocol dependent, then blocking just 445 may not be enough.”
Asked about the possibility that the advice was not sufficient, Tenable staff research engineer Satnam Narang responded: “Based on what’s been shared so far, Microsoft says that as a mitigation measure, blocking port 445 is sufficient to thwart internet-based attacks.
PSA: Patch CVE-2022-26809 – Windows RPC remote code execution. Before we see Blaster worm all over again.
— @mikko (@mikko) April 13, 2022
“Astute researchers like Marcus Hutchins, who have been investigating this bug believe it might be possible to reach the vulnerable code through other ports like 135.
“However, we don’t definitively know if it’s possible to create the conditions to exploit the vulnerability over other ports/protocols. This is certainly a vulnerability to keep an eye on as further research continues.”
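An added example, not part of the original article or of Microsoft's guidance: a first-match audit of a perimeter ruleset that reports whether inbound TCP 445 and, following Hutchins' observation, TCP 135 are blocked. The rule syntax, the sample rulesets and all function names are constructed for illustration, and the check reports exposure only, since the article does not establish whether port 135 is an exploitable path.

```python
from dataclasses import dataclass

# Ports named in the article: SMB 445 (Microsoft's mitigation) and RPC 135
# (where Marcus Hutchins reported reaching the containing function).
PORTS = {445: "SMB", 135: "RPC"}

@dataclass
class Rule:
    action: str  # "allow" or "deny"
    proto: str   # "tcp", "udp" or "any"
    lo: int      # first port in range
    hi: int      # last port in range

def parse_rules(text):
    """Parse constructed 'action proto port[-port]|any' lines; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        action, proto, ports = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in rule: {raw!r}")
        lo, _, hi = ("0-65535" if ports == "any" else ports).partition("-")
        rules.append(Rule(action, proto, int(lo), int(hi or lo)))
    return rules

def verdict(rules, port, default="deny"):
    """First matching inbound TCP rule wins; otherwise the default policy applies."""
    for r in rules:
        if r.proto in ("tcp", "any") and r.lo <= port <= r.hi:
            return r.action
    return default

def audit(text, default="deny"):
    """Return {port: 'allow'|'deny'} for the two ports the article discusses."""
    rules = parse_rules(text)
    return {port: verdict(rules, port, default) for port in PORTS}

# Constructed rulesets: the advice applied literally, then with 135 added.
ONLY_445 = """
deny  tcp 445      # Microsoft's stated mitigation
allow tcp 1-1023   # broad legacy allow (constructed)
"""
BOTH_PORTS = "deny tcp 135\ndeny tcp 445\nallow tcp 1-1023\n"

if __name__ == "__main__":
    for name, text in (("ONLY_445", ONLY_445), ("BOTH_PORTS", BOTH_PORTS)):
        for port, action in audit(text).items():
            print(f"{name}: inbound tcp/{port} ({PORTS[port]}) -> {action}")
```

Because evaluation is first-match, a deny for 445 placed below a broader allow is shadowed and the audit reports the port as allowed.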