Immediate Patch Recommended for Critical Microsoft Vulnerability

This month sees Microsoft patch 145 vulnerabilities, including three rated critical with a score of 9.8 and seven scored at 7.7 and above.

One vulnerability that immediately caught the eye of our penetration testers was CVE-2022-26809.


What is CVE-2022-26809?

CVE-2022-26809 is a Remote Procedure Call (RPC) code execution vulnerability that allows remote attackers to execute code with high privileges on an affected system, with no user interaction required.

It is understood that the vulnerability can be remotely exploited over the internet for hosts that expose the SMB service and have not applied the recommended patches.


What is vulnerable?

Windows versions affected include Windows 7 through to Windows Server 2022. Please refer to CVE-2022-26809 for full details on affected versions.


What Should You Do?

We recommend that organisations follow the remediation guidance provided by Microsoft and conduct testing to ensure they are not exposed to this vulnerability.

