University of Wisconsin–Madison

Cybersecurity Announcement: Microsoft Remote Procedure Call Runtime Remote Code Execution Vulnerability

About the event

Microsoft released a patch as part of April 2022’s Patch Tuesday for a Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809). This vulnerability impacts most Windows Server and Desktop versions, including Windows 7 and Windows 11.

Actions to Consider

This vulnerability will be repaired with Patch Tuesday updates. This should be applied with scheduled patches if applicable, but no later than April 30. The Office of Cybersecurity will send additional notification if this vulnerability becomes more urgent.

Event Impact

Successful exploitation of this vulnerability could result in remote code execution with the same permissions as the RPC service. No credentials or user action is necessary to exploit this vulnerability. Microsoft is not aware of any exploits in the wild, but does indicate that they consider this “More Likely” to be exploited in the future.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809
https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/

Cybersecurity Author: Julie V. Johnson