Still Have Port 445 Open to the Internet?

CVE-2022-26809 is a vulnerability in the Remote Procedure Call Runtime component of Microsoft Windows. An attacker who successfully exploits the vulnerability could run arbitrary code on the affected system.

To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

The vulnerable system can be exploited without any interaction from any user.

This vulnerability carries a high risk and should be patched immediately.

Vulnerable Technologies:
Microsoft reports that the following products and versions are vulnerable:

Windows 7 32-bit SP 1
Windows 7 x64 SP 1
Windows 8.1 32-bit
Windows 8.1 x64
Windows 10 32-bit
Windows 10 x64
Windows 10 20H2 32-bit
Windows 10 20H2 ARM64
Windows 10 20H2 x64
Windows 10 21H1 32-bit
Windows 10 21H1 ARM64
Windows 10 21H1 x64
Windows 10 21H2 32-bit
Windows 10 21H2 ARM64
Windows 10 21H2 x64
Windows 10 1607 32-bit
Windows 10 1607 x64
Windows 10 1809 32-bit
Windows 10 1809 ARM64
Windows 10 1809 x64
Windows 10 1909 32-bit
Windows 10 1909 ARM64
Windows 10 1909 x64
Windows 11 ARM64
Windows 11 x64
Windows RT 8.1
Windows Server 2008 32-bit SP 2
Windows Server 2008 x64 SP 2
Windows Server 2008 R2 x64 SP 1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows Server Version 20H2

Mitigation:

Microsoft recommends blocking port 445 at the perimeter firewall as a technique to mitigate the possibility of internet-based exploitation.

Remediation:

Organizations need continuous port/vulnerability scanning to detect whether any port is open to the outside, even momentarily. If continuous scanning is not possible because of sensitive systems, an Attack Surface Management system should be used for instant detection.
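
As an added example (not from Microsoft or the original post), the following Python sketch shows the kind of recurring exposure check described above: it probes TCP 445 on addresses you own, from a vantage point outside the perimeter, and records every state change so that a momentarily open port shows up as an EXPOSED/CLOSED pair. The host list, function names and polling interval are assumptions made for illustration.

```python
import socket
import time
from datetime import datetime, timezone

SMB_PORT = 445  # port the advisory says to block at the perimeter

# Placeholder addresses (RFC 5737 documentation range); replace with the
# public IPs your organization owns. Run from a vantage point OUTSIDE the
# perimeter firewall so the result reflects what the internet sees.
MY_PUBLIC_HOSTS = ["203.0.113.10", "203.0.113.11"]


def is_tcp_open(host, port=SMB_PORT, timeout=2.0):
    """True only if a full TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def sweep(hosts, port=SMB_PORT, timeout=2.0):
    """Probe each host once and return {host: reachable}."""
    return {h: is_tcp_open(h, port, timeout) for h in hosts}


def exposure_changes(previous, current):
    """Diff two sweeps into (newly_open, newly_closed) host lists."""
    opened = sorted(h for h, up in current.items()
                    if up and not previous.get(h, False))
    closed = sorted(h for h, up in current.items()
                    if not up and previous.get(h, False))
    return opened, closed


def monitor(hosts, rounds, interval=60.0, port=SMB_PORT, timeout=2.0):
    """Sweep repeatedly; return timestamped events for every state change."""
    events, previous = [], {}
    for i in range(rounds):
        current = sweep(hosts, port, timeout)
        opened, closed = exposure_changes(previous, current)
        now = datetime.now(timezone.utc).isoformat(timespec="seconds")
        events += [(now, h, "EXPOSED") for h in opened]
        events += [(now, h, "CLOSED") for h in closed]
        previous = current
        if i < rounds - 1:
            time.sleep(interval)
    return events


if __name__ == "__main__":
    for ts, host, state in monitor(MY_PUBLIC_HOSTS, rounds=1):
        print(f"{ts} {host}:{SMB_PORT} {state}")
```

Any EXPOSED event for port 445 means the perimeter block recommended under Mitigation is not in effect for that address.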
