Tag :
Cyber Security

1. Summary

Vulnerability Name Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809)
Release Time Apr 13, 2022
Component Name rpcrt4.dll
Affected Versions Windows 7, 8.1, RT, 10, 11
Windows Server 2008, 2012, 2016, 2019, 2022, 20H2
See Section 3 Affected Versions for details
Vulnerability Type Remote Code Execution
Exploitability Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Impact Severity: CVSS v3 Base Score: 9.8 (Critical)
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

2. About CVE-2022-26809

2.1 Introduction

Microsoft Remote Procedure Call (RPC) is a communication protocol that enables a program to request a service from another computer on the same network without having to understand the details of that computer's network. In modern operating systems like Windows 10 and 11, RPC is also used by applications running on the same machine to communicate with one another and pass instructions.

2.2 Summary

On April 13, 2022, Sangfor FarSight Labs received a notice about a remote code execution vulnerability (CVE-2022-26809) in the rpcrt4.dll file of Microsoft Remote Procedure Call, classified as critical with a CVSS Score of 9.8. To exploit this vulnerability, an attacker would send a specially crafted RPC call to an RPC host. This would result in remote code execution on the server side with the same permissions as the RPC service. Sangfor FarSight Labs has detected exploits of CVE-2022-26809 in the wild, with a recent high of 93 attacks detected on September 19, 2022 (see figure 1 below). Sangfor strongly recommends users to patch their systems as soon as possible according to Section 4 below.

Exploits of CVE-2022-26809 detected by Sangfor from August 27 to September 26, 2022

Figure 1. Exploits of CVE-2022-26809 detected by Sangfor from August 27 to September 26, 2022 

3. Affected Versions

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)

4. Solutions

4.1 Remediation Solutions

4.1.1 Check the Component Version

1) Run "systeminfo" in a CMD window and it will display a list of details about the system, including what patches are installed, as shown below.

4.1.1 Check the Component Version

2) Check if the patch corresponding to your OS is installed. Patches for affected OS versions can be found in the link below: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809

CVE-2022-26809: Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability

3) If the patch is not installed, proceed to "4.1.2 Microsoft Solution" to download and install the patch.

4.1.2 Microsoft Solution

Microsoft has released a patch for affected OS versions to fix this vulnerability. Please download the patch corresponding to the affected OS from the following link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809

4.2 Sangfor Solutions

4.2.1 Security Monitoring

The following Sangfor products and services perform real-time monitoring of assets affected by the Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809):

4.2.2 Security Protection

The following Sangfor products and services provide protection against the Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809):

5. Timeline

On Apr 13, 2022, Sangfor FarSight Labs received a notice about the Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809).

On Apr 13, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.

6. Reference

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809

7. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.

Listen To This Post

Search

Keyword maximum 256 character

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Name
Email Address
Business Phone Number
Tell us about your project requirements

Related Articles

CVE-2024-47575: Fortinet FortiManager Authentication Vulnerability

Date : 25 Oct 2024
Read Now

CVE-2024-38819: Path Traversal Vulnerability

Date : 19 Oct 2024
Read Now

CVE-2024-40766: SonicWALL SonicOS Access Control Flaw Vulnerability

Date : 12 Sep 2024
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
Sangfor Network Secure - Next Generation Firewall
Platform-X
Sangfor Access Secure

Meet the Author

About Sangfor

Sangfor Technologies

Sangfor Technologies is a leading vendor of Cyber Security and Cloud Computing solutions. The majority of the blogs that you are seeing here are written by professionals working at Sangfor. We have a team of content writers, product managers and marketing experts who are taking care of writing articles on various topics that are relevant to our audience. Our team ensures that the articles published are factually correct and helpful to our customers and partners to know more about the recent trends on Cyber Security and Cloud, and how it can help their organizations.

  • facebook
  • twitter
  • linkedin
  • youtube
  • instagram
See Author's Detail