msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809

How could an attacker exploit the vulnerability?

To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

msrc.microsoft.com CVE-2022-26809

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809


krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/

win update picture of a windows laptop updating

Nine of the updates pushed this week address problems Microsoft considers “critical,” meaning the flaws they fix could be abused by malware or malcontents to seize total, remote access to a Windows system without any help from the user.

Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component (RPC) that earned a CVSS score of 9.8 (10 being the worst). Microsoft said it believes exploitation of this flaw is more likely than not.

Brian Krebs, Krebs on Security

krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/


 3,582 total views,  14 views today


Subscribe to be notified of new posts:


Krupczak logo

Home

Leave a comment

Your email address will not be published.