Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime



Microsoft’s April 2022 Patch Tuesday introduced patches to more than a hundred new vulnerabilities in various components. Three critical vulnerabilities were found and patched in Windows RPC (Remote Procedure Call) runtime:

  1. CVE-2022-24492 and CVE-2022-24528 (discovered by Yuki Chen with Cyber KunLun)
  2. CVE-2022-26809 (discovered by BugHunter010 with Kunlun) 

In this blog post we aim to provide information about the three vulnerabilities, the implication of their exploitation, the scope of effect and how they can be mitigated. 

We recently wrote a guide about RPC filters, a tool for limiting and blocking RPC traffic on and between Windows machines. Although we have not yet determined whether RPC filters are an applicable solution for the discussed vulnerabilities, we would recommend reading the blog to better understand the mechanism.

Read more…