Microsoft Patches April 2022

13th April 2022

Microsoft have recently released some detail surrounding a critical vulnerability assigned CVE-2022-26809. This is an unauthenticated remote code execution vulnerability affecting the Remote Procedure Call (RPC) protocol, rated 9.8/10.0 for severity on the Common Vulnerability Scoring System (CVSS).

Previous instances of exploitation against port 445, such as EternalBlue and WannaCry, have been widely disruptive.

Please refer to Microsoft’s guidance below on affected products as this affects most versions of Microsoft Windows, Microsoft Windows Server, and Server Core installations.

 

Mitigations provided by Microsoft include blocking TCP port 445 at the perimeter, and hardening usage of SMB. Please note this can help mitigate immediate risk from untrusted sources, but will not protect devices behind the perimeter.

Additional RPC ports to consider include 135 and 593.

If you are in a position to implement the above, it would be advisable to additionally block inter-client SMB/RPC communication (i.e., desktop to desktop), leaving communication open only to required servers.
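One way to apply the desktop-to-desktop block with Windows Defender Firewall on a client machine, as an added example that is not taken from Microsoft's guidance or from this advisory. The subnet ranges, the rule group label and the function names are placeholders chosen for illustration, and the example assumes required servers sit outside the listed desktop ranges.

```powershell
#Requires -RunAsAdministrator
# Added example: host-firewall rule for a Windows desktop that drops inbound
# SMB/RPC from other desktops.
# Assumptions: subnets and the group label are placeholders, not advisory values.

$ClientSubnets = @('10.20.0.0/16', '10.21.0.0/16')    # placeholder desktop ranges
$Ports         = @('135', '445', '593')               # TCP ports named in the advisory
$RuleGroup     = 'CVE-2022-26809 interim mitigation'  # hypothetical label

function Set-PeerRpcBlock {
    param(
        [Parameter(Mandatory)][string[]]$RemoteAddress,
        [Parameter(Mandatory)][string[]]$LocalPort,
        [Parameter(Mandatory)][string]$Group
    )
    # Remove earlier copies so the script is safe to re-run after a range change.
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Block rules take precedence over allow rules in Windows Defender Firewall,
    # so any server inside $RemoteAddress would be blocked as well.
    New-NetFirewallRule -DisplayName "Block peer SMB/RPC TCP $($LocalPort -join ',')" `
        -Group $Group -Direction Inbound -Action Block -Protocol TCP `
        -LocalPort $LocalPort -RemoteAddress $RemoteAddress -Profile Any | Out-Null
}

function Get-PeerRpcBlock {
    param([Parameter(Mandatory)][string]$Group)
    # Report what is actually configured, joining the rule with its filters.
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Action        = $_.Action
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
}

Set-PeerRpcBlock -RemoteAddress $ClientSubnets -LocalPort $Ports -Group $RuleGroup
Get-PeerRpcBlock -Group $RuleGroup | Format-Table -AutoSize
```

To confirm the rule is effective, run `Test-NetConnection -ComputerName <desktop> -Port 445` from a second desktop inside one of the ranges; `TcpTestSucceeded` should be `False`.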

 

It is highly advisable to expedite any patching processes, and to prioritise devices most at risk of untrusted access.

Please see Microsoft’s official documentation below:

CVE-2022-26809 – Security Update Guide – Microsoft – Remote Procedure Call Runtime Remote Code Execution Vulnerability

 

If you have any concerns regarding this matter, please contact Daisy via our Service Desk team on 0330 024 3333 or our Customer Portal.
