New questions have arisen about one of the remotely exploitable flaws in Microsoft products that was revealed during the Monthly Patch Tuesday announcement.
The questions revolve around whether the company’s initial advice to mitigate the vulnerability was sufficient. The number of vulnerabilities patched on Tuesday was the highest in a single month since September 2020.
The flaw in question, CVE-2022-26809, a remote code execution vulnerability in the RPC runtime library, received a CVSS rating of 9.8 and required no user interaction to exploit. meaning she was dewormed.
1. Block TCP port 445 at the corporate perimeter firewall
*However, systems may still be vulnerable to attacks originating from the perimeter of their enterprise.* pic.twitter.com/zPAWwIQoY4
—◌? ◌ (@notbind) April 13, 2022
Microsoft mitigation tips was to block TCP port 445 at the corporate perimeter firewall. But the company later added that the systems could still be vulnerable to attack from the perimeter of their business.
Marcus Hutchins, Security Researcher mentioned on Twitter: “With CVE-2022-26809, I’m not sure what is needed to reach the vulnerable code, but I was able to reach the container function via RPC (135) as well as SMB (445).
“So unless the exploit condition is protocol dependent, blocking just 445 may not be enough.”
Asked if the advice might not be enough, Tenable’s staff research engineer, Satnam Narang, replied, “Based on what has been shared so far, Microsoft asserts that as As a mitigation measure, blocking port 445 is sufficient to thwart Internet-based attacks.
PSA: Patch CVE-2022-26809 – Windows RPC Remote Code Execution. Before seeing the Blaster worm again.
— @mikko (@mikko) April 13, 2022
“Clever researchers like Marcus Hutchins, who investigated this bug, think it might be possible to reach the vulnerable code through other ports like 135.
“However, we don’t know for sure if it’s possible to create the conditions to exploit the vulnerability on other ports/protocols. This is definitely a vulnerability to keep an eye on for further research. .”
SONICWALL CYBER THREAT REPORT 2022
The last year has seen a meteoric rise in ransomware incidents around the world.
Over the past 12 months, threat researchers at SonicWall Capture Labs have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:
Zero-day attacks and more
These exclusive findings are now available through the SonicWall Cyber Threat Report 2022, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the growing wave of cybercrime.
Click the button below to get the report.
GET A REPORT!
PROMOTE YOUR WEBINAR ON ITWIRE
It’s all about webinars.
Marketing budgets are now focused on webinars combined with lead generation.
If you want to promote a webinar, we recommend at least a 3-4 week campaign before your event.
The iTWire campaign will include numerous advertisements on our news site itwire.com and a major newsletter promotion https://itwire.com/itwire-update.html and promotional and editorial news. Plus a keynote speaker video interview on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in promotional messages on the iTWire homepage.
Now that we are coming out of Lockdown, iTWire will focus on supporting your webinars and campaigns and providing support through partial payments and extended terms, a Webinar Business Booster pack and other support programs. We can also create your advertisements and written content and coordinate your video interview.
We look forward to discussing your campaign goals with you. Please click the button below.
MORE INFO HERE!