MCP Insights

Cybersecurity Threat Advisory: Microsoft Critical Remote Code Execution Vulnerability

Posted on April 14, 2022 by Jason Franks

Advisory Overview

The Cybersecurity and Infrastructure Security Agency (CISA), a unit of the Department of Homeland Security (DHS), has issued an alert regarding an advisory released by Microsoft concerning a critical remote code execution vulnerability.

What Is the Threat?

The vulnerability, identified as CVE-2022-26809, affects the Remote Procedure Call (RPC) Runtime Library. According to Microsoft, it enables a cyberattacker to take control of a system by “sending a specially crafted RPC call (remote procedure call) to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.”

What Are the Recommendations?

Microsoft recommends the following actions:

  • Block TCP port 445 at the enterprise perimeter firewall
  • Follow Microsoft guidelines to secure Server Message Block (SMB) traffic

Further, CISA recommends that users and administrators review Microsoft’s advisory and apply the recommended mitigations.
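
One way to confirm that the first recommendation has taken effect, as an added example that is not part of the original advisory or of Microsoft's guidance: a Python check, run from a vantage point outside the perimeter against hosts you administer, that reports whether TCP 445 still answers. The function names and the open/closed/filtered classification are this example's own assumptions.

```python
"""Check that TCP 445 (SMB) is not reachable across the perimeter.

Run from OUTSIDE the enterprise perimeter, against hosts you administer.
"""
import socket
import sys

SMB_PORT = 445


def probe(host, port=SMB_PORT, timeout=3.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: the block is not working
    except ConnectionRefusedError:
        return "closed"          # RST came back: host or a reject rule answered
    except socket.gaierror:
        return "unresolved"      # name did not resolve; nothing was tested
    except OSError:
        return "filtered"        # timeout or unreachable: consistent with a drop rule


def audit(hosts, port=SMB_PORT, timeout=3.0):
    """Probe every host; return (results, exposed, review)."""
    results = {h: probe(h, port, timeout) for h in hosts}
    exposed = sorted(h for h, r in results.items() if r == "open")
    # A RST can come from the host itself (traffic crossed the perimeter)
    # or from a firewall reject rule, so these need a look at the rule set.
    review = sorted(h for h, r in results.items() if r == "closed")
    return results, exposed, review


if __name__ == "__main__":
    results, exposed, review = audit(sys.argv[1:])
    for host, state in sorted(results.items()):
        print(f"{host}:{SMB_PORT} {state}")
    if review:
        print("review (RST received):", ", ".join(review))
    if exposed:
        print("FAIL, SMB reachable from outside:", ", ".join(exposed))
        sys.exit(1)
```

The script takes host names or addresses as arguments and exits non-zero if any of them completes a handshake on port 445, so it can run as a scheduled check after the firewall change.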

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.
