Immediate Patch Recommended for Critical Microsoft Vulnerability
This month sees Microsoft patch 145 vulnerabilities, including three rated critical at 9.8 and seven rated 7.7 and above.
One vulnerability that immediately caught the eye of our penetration testers was CVE-2022-26809.
What is CVE-2022-26809?
CVE-2022-26809 is an RPC Code Execution Vulnerability that allows remote attackers to execute code with high privileges on an affected system with no user interaction required.
It is understood that the vulnerability can be exploited remotely over the internet against hosts that expose the SMB service and have not applied the recommended patches.
What is vulnerable?
Windows versions affected include Windows 7 through to Windows Server 2022. Please refer to CVE-2022-26809 for full details on affected versions.
What Should You Do?
We recommend that organisations follow the remediation guidance provided by Microsoft and conduct testing to ensure they are not exposed to this vulnerability.
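One way to run the exposure test recommended above, as an added example that is not from Microsoft or Secora Consulting: a Python script, run from a vantage point outside your perimeter, that reports which of your own addresses accept connections on the SMB port (TCP 445). The inventory addresses are constructed placeholders and the function names are illustrative.

```python
# Added example: audit your own external addresses for reachable SMB (TCP 445).
import socket
from concurrent.futures import ThreadPoolExecutor

SMB_PORT = 445  # standard SMB-over-TCP port


def probe(host, port=SMB_PORT, timeout=3.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts, unreachable networks and DNS failures all land here:
        # nothing answered, so a firewall is most likely dropping the traffic.
        return "filtered"


def audit(hosts, port=SMB_PORT, timeout=3.0, workers=16):
    """Probe every host in the inventory concurrently; return {host: state}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda h: probe(h, port, timeout), hosts)
        return dict(zip(hosts, states))


def exposed(results):
    """Hosts that accepted the connection and need patching or filtering."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed inventory (RFC 5737 documentation addresses); replace with
    # the public addresses your organisation owns.
    inventory = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    results = audit(inventory, timeout=2.0)
    for host, state in results.items():
        print(f"{host}:{SMB_PORT} {state}")
    if exposed(results):
        print("SMB reachable on:", ", ".join(exposed(results)))
```

An "open" result only shows that SMB is reachable from where the script ran; whether the host is still vulnerable depends on its patch level, which has to be confirmed on the host itself.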
All of Secora Consulting's assessments are tailored to our clients' needs.
Using our experience, we can help you determine which services are right for you.