myDRE is NOT vulnerable to CVE-2022-26809 - Serious Vulnerabilities in Microsoft Windows Workplaces and Servers

Situation

Last “patch Tuesday” Microsoft disclosed and fixed a large number of serious vulnerabilities in Microsoft Windows. One of these vulnerabilities is identified as CVE-2022-26809, with a CVSS score of 9.8 (scale 1-10). CVE-2022-26809 is a vulnerability in Windows RPC that an attacker could exploit to remotely execute arbitrary code on a system. Exploit code for this vulnerability is expected to be released in the near future. The vulnerability is potentially "wormable": malware exploiting it can easily copy and run itself from one system to the next, without requiring any user interaction.

More information about this vulnerability can be found at the NCSC (https://advisories.ncsc.nl/advisory?id=NCSC-2022-0250) and Microsoft (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809).


Assessment

  1. For the vulnerability to be exploited, inbound access is required.
  2. myDRE VMs at best have outbound access.
  3. Due to this lack of connectivity, the exploit is assessed with:
    1. Impact = HIGH
      1. Attackers can exploit a large port range over SMB instructions
    2. Severity = LOW
      1. Lack of connectivity with VMs from outside; inbound is blocked
    3. The above results in:
      1. Threat = LOW => Priority = LOW

Actions

  1. A Product Backlog Item with Priority low/medium to patch this vulnerability

