msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809
How could an attacker exploit the vulnerability?
To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.
msrc.microsoft.com CVE-2022-26809
krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/
![win update picture of a windows laptop updating](https://matthew.krupczak.org/wp-content/uploads/2022/04/windupate.png)
Nine of the updates pushed this week address problems Microsoft considers “critical,” meaning the flaws they fix could be abused by malware or malcontents to seize total, remote access to a Windows system without any help from the user.
Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component (RPC) that earned a CVSS score of 9.8 (10 being the worst). Microsoft said it believes exploitation of this flaw is more likely than not.
Brian Krebs, Krebs on Security