Detect to protect: Reposify’s EASM flags exposed assets vulnerable to Microsoft SMB (CVE-2022-26809)


Microsoft released over 100 security updates during its monthly patch cycle, among them fixes for critical remote code execution (RCE) vulnerabilities located in Microsoft’s Server Message Block (SMB), a protocol used primarily for file sharing and inter-process communication, including Remote Procedure Calls (RPCs).

The flaw, tracked as CVE-2022-26809 and rated CVSS 9.8, is a vulnerability in SMB that allows an attacker to send an RPC call to a host with an open SMB port and execute code remotely. CVE-2022-26809 is one of three RPC vulnerabilities Microsoft patched; the other two are tracked as CVE-2022-24492 and CVE-2022-24528.

How can these vulnerabilities affect my organization?

Successful exploitation of this vulnerability can enable attackers to access internal and external-facing systems through remote access, all without authentication. In the case of the Microsoft vulnerabilities, the attacker will be able to execute code on the vulnerable machines with the privileges of the RPC service through the SMB port (445). The attack is relatively easy to carry out and doesn’t require technical knowledge. The vulnerability may also allow attackers to move laterally and look for additional vulnerable systems or more vulnerabilities in the network.

The exploitation example above should raise alarm for CISOs. Reposify’s EASM platform enables real-time asset monitoring. In this example, the Reposify EASM platform identified more than 800,000 nodes with an open SMB protocol; some are hosted on systems with the patch installed, though most are still not patched. These vulnerabilities could be a direct vector for malicious parties to take advantage of the unpatched systems, posing undue risk to an organization at large.

My company is vulnerable. What steps can I take to defend against these threats?

First, immediately install Microsoft security updates and make sure your organization’s Windows machines are updated. It’s critical that all companies avoid opening SMB outside of the organization’s perimeter, as this may only serve to increase vulnerability.

As for what companies should do if they aren’t in a position to patch immediately, the best place any of us can start is preparedness. Organizations can only protect the assets they know are there. An EASM platform like Reposify’s gives companies a precisely mapped, comprehensive view of their asset inventory. It frees up manpower critical to security teams as they grapple with RCE hacks like the one presented by Microsoft, allowing organizations to streamline response time by assessing where they are most vulnerable.
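One way to check the "no SMB outside the perimeter" advice against your own firewall rules, as an added example that is not Reposify's code or part of the original post. The rule schema, the sample rules and the list of internal ranges are constructed assumptions, and each rule is evaluated on its own, without modelling rule order or deny precedence.

```python
import ipaddress

SMB_PORT = 445  # the port the article says to keep closed at the perimeter
# Ranges treated as internal (assumption; adjust to your own address plan).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7", "::1/128")]

# Constructed sample rules in a hypothetical, simplified schema (not a vendor format).
SAMPLE_RULES = [
    {"id": "r1", "action": "allow", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"id": "r2", "action": "allow", "proto": "tcp", "ports": "445", "source": "10.0.0.0/8"},
    {"id": "r3", "action": "allow", "proto": "tcp", "ports": "400-500", "source": "0.0.0.0/0"},
    {"id": "r4", "action": "allow", "proto": "all", "ports": "all", "source": "::/0"},
    {"id": "r5", "action": "deny", "proto": "tcp", "ports": "445", "source": "0.0.0.0/0"},
    {"id": "r6", "action": "allow", "proto": "tcp", "ports": "139,445", "source": "203.0.113.0/24"},
    {"id": "r7", "action": "allow", "proto": "udp", "ports": "445", "source": "0.0.0.0/0"},
]

def covers_port(spec, port=SMB_PORT):
    """True if a port spec such as "445", "139,445", "400-500" or "all" includes port."""
    if spec.strip().lower() in ("all", "any", "*"):
        return True
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def is_external(source):
    """True unless the whole source range sits inside one of the INTERNAL networks."""
    net = ipaddress.ip_network(source, strict=False)
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_smb_rules(rules):
    """Return ids of allow rules that let non-internal sources reach TCP 445."""
    findings = []
    for rule in rules:
        if rule["action"].lower() != "allow":
            continue
        if rule["proto"].lower() not in ("tcp", "all", "any"):
            continue
        if covers_port(rule["ports"]) and is_external(rule["source"]):
            findings.append(rule["id"])
    return findings

if __name__ == "__main__":
    print(exposed_smb_rules(SAMPLE_RULES))
```

The rules worth noticing are the ones that never mention 445 by itself: a port range that spans it and an allow-all rule for IPv6 sources.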

How Reposify’s EASM platform flags exposed unknown assets vulnerable to RPC/SMB threat

Reposify’s discovery mechanism gives companies a precisely mapped, comprehensive view of their asset inventory. It frees up manpower critical to security teams as they grapple with the expanding attack surface. The platform maps the web in real time, enabling security teams to detect unknown exposed assets that are vulnerable to Microsoft’s RCE threats and pose a risk to your organization.

The Reposify platform lets you sort assets using filters, through either the GUI or the API, with an intuitive user interface for easy navigation, identification, and asset monitoring.

Only by having an accurate inventory that takes the entire supply chain, third-party vendors and subsidiaries into account can organizations achieve true perimeter security.

Shlomi has been an information technology professional for over fifteen years with extensive experience with roles spanning across Software Development Life Cycle (SDLC), IT infrastructure, cryptography, security architecture, operations security, business continuity and Disaster Recovery Planning (DRP), legal, regulations, investigations and compliance, design DevOps (CI-CD process) to cloud platforms. Shlomi has worked on large complex InfoSec projects worldwide. He brings the expertise of defensive & offensive methodologies in cybersecurity. Shlomi is focused on excellence in all aspects of business and life and contributes his knowledge in technical documentation including Cloud Security Alliance (CSA).
