msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809

How could an attacker exploit the vulnerability?

To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

msrc.microsoft.com CVE-2022-26809



krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/


Nine of the updates pushed this week address problems Microsoft considers “critical,” meaning the flaws they fix could be abused by malware or malcontents to seize total, remote access to a Windows system without any help from the user.

Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component (RPC) that earned a CVSS score of 9.8 (10 being the worst). Microsoft said it believes exploitation of this flaw is more likely than not.

Brian Krebs, Krebs on Security


