After Microsoft Releases Patch for RPC Exploit: What the Honeypot Saw (sans.edu)
Long-time Slashdot reader UnderAttack writes: After Microsoft patched and went public with CVE-2022-26809, the recent Remote Procedure Call vulnerability, the SANS Internet Storm Center set up a complete Windows 10 system exposing port 445/TCP "to the world." The system is not patched for the RPC vulnerability. But so far, while it has seen thousands of attacks against SMB a day, nothing yet for the new RPC vulnerability....
But still, attackers are heavily hitting other vulnerabilities like of course still ETERNALBLUE
From the article: Should you stop rushing out the April patch? Absolutely not. I hope you are already done applying the patch. But the April Windows patch had several additional gems, not just patches for RPC. Chatter about CVE-2022-26809 has died down, but as they say: Sometimes the quiet ones are the dangerous ones, and people able to exploit this vulnerability may not broadcast what they are doing on social media.
The article is credited to Johannes B. Ullrich, Ph.D., Dean of Research at the security site SANS.edu.
Interestingly, Ullrich's byline is hyperlinked to a Google+ profile which has been unavailable for nearly three years.
Odd (Score:2)
I'm not sure if you'd see an exploit like this used on a directly connected PC per se, I would expect to see it infiltrate behind a firewall as part of another exploit.
Phishing downloads a package on a corporate network, that starts exploiting the SMB vulnerability spreading to more systems.
Maybe if they advertised "Honeypot here" to the Chinese or North Koreans they'd also get a hit just for shits and giggles.
Re: (Score:2)
Don't you worry. UPnP will gladly open and forward all required ports for you.
No attack detected (Score:4, Interesting)
Since it was Microsoft, we can safely assume the hackers got around the exploit detection.
Internet was observed... okays (Score:2)
So an article written about how basically the internet was observed after an exploit.
Some random boring Cricket connections. Nothing interesting to report on but somehow the article is here.
Unsurprising about the byline (Score:3)
It's doubtful the author sees his byline while he's writing the story; and it's probably someone else's job to proof it afterward.
Not to mention that just about no one cared about Google+ even when it even existed - so this may be the first time that link was ever clicked on...
Windows 7 still gets updates (Score:2)
The part that surprised me the most about Microsoft's response is that Windows 7 is still getting security updates for this issue.
Re: (Score:3)
Too many POS customers to ditch Win7 major security updates at this time. Can't just give the critical security updates only to the POSReady customers, or they'll get roasted (and rightly so.) They said they would stop supporting them October 12, 2021, but for all their many faults Microsoft does have a history of delivering some critical security updates well after operating systems have gone out of official support. If they burn their former customers hard enough, they won't want to be customers again.
Argh! Are you really a security professional... (Score:2)
So, if i get the patch.. (Score:1)
So, if I get the patch.. I am not protected from the exploit, but I should get it anyway, because it provides protection from severe compromise?...