The Cybersecurity and Infrastructure Security Agency (CISA), a unit of the Department of Homeland Security (DHS), has issued an alert regarding an advisory released by Microsoft concerning a critical remote code execution vulnerability.
The vulnerability, which is identified as CVE-2022-26809, affects the Remote Procedure Runtime Library. According to Microsoft, the vulnerability enables a cyberattacker to take control of a system. This would be done by “sending a specially crafted RPC call (remote procedure call) to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.”
Microsoft recommends the following actions:
Further, CISA recommends that users and administrators review Microsoft’s advisory and apply the recommended mitigations.
As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.