Microsoft has fixed a new Windows RPC vulnerability, CVE-2022-26809, that is worrying security researchers because of its potential for large-scale, serious cyberattacks once an exploit is developed. All organizations should therefore apply the Windows security updates as soon as possible.
Microsoft fixed this vulnerability as part of the April 2022 Patch Tuesday updates and rated it "critical" because it allows unauthorized remote code execution through a bug in Microsoft Remote Procedure Call (RPC).
If the vulnerability is exploited, any command will be executed with the same level of privileges as the RPC server, which in most cases has elevated or SYSTEM permissions, giving full administrative access to the affected device.
The good news is that exploitation may require a specific RPC configuration, but this is still being analyzed.
Security researcher Matthew Hickey, co-founder of Hacker House, is also analyzing the vulnerability, while researchers are still working out all the technical details of the bug and how to exploit it reliably. Hickey told BleepingComputer that the development of an exploit is only a matter of time and that it can have devastating consequences.