Microsoft has released security patches for April Patch Tuesday, including CVE-2022-26809, a CVSS 9.8 rated vulnerability in Remote Procedure Call (RPC) that enables an attacker to send an RPC call to an RPC host and execute code on the remote server.
This allows an attacker to execute code with high privileges on an affected system, and the vulnerability could be used for lateral movement. If left unpatched, it could leave Windows servers open to compromise and enable an attacker to breach internal systems without any authentication.
Microsoft recommends that enterprises take immediate action to block TCP 445 on their perimeter firewall to stop external attackers from leveraging the vulnerability, and to follow Microsoft guidelines to protect SMB traffic with segmentation and isolation techniques. The RPC vulnerability may look simple to patch and mitigate on the surface, but organizations have repeatedly struggled to deploy critical security patches until it is too late.
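The perimeter-firewall rule above depends on the vendor, so the following is an added example (not from the original post or from Microsoft) of the host-level counterpart: an elevated PowerShell check that lists enabled inbound rules allowing TCP 445 in Windows Defender Firewall and adds a block rule on the Public profile. The rule name `Block-SMB-445-Public` is an assumed name for this example.

```powershell
# Added example: audit and harden inbound TCP 445 (SMB) on a Windows host.
# Requires an elevated session and the NetSecurity module (Windows 8 / Server 2012 or later).

function Get-InboundSmbAllowRules {
    # Return enabled inbound Allow rules whose TCP port filter covers 445 (or any port).
    # Port ranges such as "440-450" are not expanded here and would be missed.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and
                ($pf.LocalPort -contains '445' -or $pf.LocalPort -contains 'Any')
        }
}

function Add-SmbBlockRule {
    # Create the block rule once; report its state if it already exists.
    param([string]$Name = 'Block-SMB-445-Public')   # assumed rule name
    $existing = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetFirewallRule -DisplayName $Name -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Public | Out-Null
        return "Created $Name (inbound TCP 445 blocked on Public profile)"
    }
    return "$Name already present (enabled: $($existing.Enabled))"
}

# Report what currently lets SMB in, then make sure the block rule exists.
Get-InboundSmbAllowRules |
    Select-Object DisplayName, Profile, Enabled |
    Format-Table -AutoSize
Add-SmbBlockRule
```

Blocking 445 on the Domain profile would break file sharing and Group Policy for domain-joined hosts, which is why the block rule here is scoped to Public and the Domain-profile allow rules are only reported.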
Research shows that 61% of security vulnerabilities that exist in corporate networks are from 2016 or even older, and hackers have used unpatched vulnerabilities to perpetrate some of the largest cyber attacks in history, including the WannaCry ransomware in 2017.
The key reason organizations fail to deploy security patches is that there are too many to manage. With such a high number of vulnerabilities to mitigate, security teams struggle to scale if they do not have access to a vulnerability management solution that prioritizes and mitigates on time.