fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Critical Windows RPC CVE-2022-26809 Flaw Raises Concerns — Patch Now

Critical Windows RPC CVE-2022-26809 Flaw Raises Concerns — Patch Now

Microsoft has fixed a new Windows RPC CVE-2022-26809 vulnerability that is raising concerns among security researchers due to its potential for widespread, significant cyberattacks once an exploit is developed. Therefore, all organization needs to apply Windows security updates as soon as possible.

Microsoft fixed this vulnerability as part of the April 2022 Patch Tuesday updates and rated it as ‘Critical,’ as it allows unauthorized remote code execution through a bug in the Microsoft Remote Procedure Call (RPC) communication protocol.

If exploited, any commands will be executed at the same privilege level as the RPC server, which in many cases has elevated or SYSTEM level permissions, providing full administrative access to the exploited device.

The Microsoft Remote Procedure Call (RPC) protocol is a communication protocol that allows processes to communicate with each other, even if those programs are running on another device.

RPC allows processes on different devices to communicate with each other, with the RPC hosts listening for remote connections over TCP ports, most commonly ports 445 and 135.

Also Read: The Top 4W’s of Ethical Hacking

CVE-2022-26809 in the crosshairs

After Microsoft released security updates, security researchers quickly saw the potential for this bug to be exploited in widespread attacks, similar to what we saw with the 2003 Blaster worm and 2017 Wannacry attacks utilizing the Eternal Blue vulnerability.

Researchers have already started analyzing and publishing technical details about the vulnerability, which other researchers and threat actors will use to piece together into a workable exploit.

For example, researchers at Akamai have already tracked the bug down to a heap buffer overflow in the rpcrt4.dll DLL.

“Diving deeper into the vulnerable code in OSF_SCALL:GetCoalescedBuffer, we noticed that the integer overflow bug could lead to a heap buffer overflow, where data is copied onto a buffer that is too small to populate it,”Akamai explained in their technical writeup.

“This in turn allows data to be written out of the buffer’s bounds, on the heap. When exploited properly, this primitive could lead to remote code execution.”

Sentinel One researcher Antonio Cocomazzi has also played with the bug and successfully exploited it on a custom RPC server, not a built-in Windows service.

The good news is that it may require a specific RPC configuration to be vulnerable, but that is still being analyzed.


While researchers are still working on figuring out the full technical details of the bug and how to reliably exploit it, security researcher Matthew Hickey, co-founder of Hacker House, has also been playing analyzing the vulnerability.

Hickey told BleepingComputer that it is only a matter of time until an exploit is developed and that it could have the potential for damaging results.

Also Read: What is Social Engineering and How Does it Work?

“It’s as bad as it can get for Windows enterprise systems, it is important to stress that people should apply the patch because it can surface in a number of configurations of both client and server RPC services,” Hickey told BleepingComputer in a conversation about the bug.

“This has the potential to be another global event similar to WCRY, depending on how long it takes attackers to weaponize and exploit. I would expect attacks to begin ramping up with this vulnerability in the coming weeks.”

Hickey tells BleepingComputer that the vulnerable DLL, rpcrt4.dll, is not only used by Microsoft services but also by other applications, further increasing the exposure of this vulnerability.

“The main issue is that because its within the rpcrt4.dll there are not just default microsoft services but all manner of third party applications that will be impacted, so even if you just block the common windows ports, you might still have some software that is both vulnerable in client / server mode – things like backup agents, antivirus, endpoint software, even pentest tools that use RPC.”

Will Dormann, a vulnerability analyst at the CERT/CC, warns that all admins must block port 445 at the network perimeter so that vulnerable servers are not exposed to the Internet. By blocking port 445, the devices are not only protected from remote threat actors but also from potential network worms that may utilize the exploit.

Dormann says that at this time there are over 1.3 million devices exposing port 445 to the Internet, offering a massive pool of targets to exploit.

However, even if admins block port 445 and 135 at the perimeter, it is not enough. As unless security updates are installed, the devices will still be vulnerable internally to threat actors who compromise a network.

As this vulnerability is ideal for spreading laterally in a network, we will almost surely see it used by ransomware gangs in the future.

While it’s not time to panic about this vulnerability, admins need to make patching these devices a priority, as an exploit can be released at any time.

Once an exploit is released, it usually only takes threat actors a short time to weaponize it in attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us