Immediate Patch Recommended for Critical Microsoft Vulnerability

This month sees Microsoft patch 145 vulnerabilities, including 3 rated critical at 9.8 and seven at 7.7 and above.

One vulnerability that immediately caught the eye of our penetration testers was CVE-2022-26809.

What is CVE-2022-26809?

CVE-2022-26809 is an RPC Code Execution Vulnerability that allows remote attackers to execute code with high privileges on an affected system with no user interaction required.

It is understood that the vulnerability can be remotely exploited over the internet for hosts that expose the SMB service and have not applied the recommended patches.

What is vulnerable?

Windows versions affected include Windows 7 through to Windows Server 2022. Please refer to CVE-2022-26809 for full details on affected versions.

What Should You Do?

We recommend that organisations follow the remediation guidance provided by Microsoft and conduct testing to ensure they are not exposed to this vulnerability.

Penetration Testing

How far could an attacker get?

Baseline Assessment

How secure are you?

Our services

All of Secora Consulting's assessments are tailored to our client's needs.
Using our experience, we can help you determine which services are right for you.

Baseline Assessment

How secure are you?

Penetration Testing

How far could an attacker get?

Adversary Simulation

How do you respond to an attack?

Incident Response

How do you recover from an attack?

Cyber Advisory Services

Are you cyber ready?

Secure your success.

If you have any questions or are unsure if the steps you are taking to help keep your organisation secure are working, please reach out to us.