Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Microsoft Bug Networking Security

After Microsoft Releases Patch for RPC Exploit: What the Honeypot Saw (sans.edu) 9

Long-time Slashdot reader UnderAttack writes: After Microsoft patched and went public with CVE-2022-26809, the recent Remote Procedure Call vulnerability, the SANS Internet Storm Center set up a complete Windows 10 system exposing port 445/TCP "to the world." The system is not patched for the RPC vulnerability. But so far, while it has seen thousands of attacks against SMB a day, nothing yet for the new RPC vulnerability....

But still, attackers are heavily hitting other vulnerabilities like of course still ETERNALBLUE

From the article: Should you stop rushing out the April patch? Absolutely not. I hope you are already done applying the patch. But the April Windows patch had several additional gems, not just patches for RPC. Chatter about CVE-2022-26809 has died down, but as they say: Sometimes the quiet ones are the dangerous ones, and people able to exploit this vulnerability may not broadcast what they are doing on social media.
The article is credited to Johannes B. Ullrich, Ph.D. , Dean of Research at the security site SANS.edu.

Interestingly, Ullrich's byline is hyperlinked to a Google+ profile which has been unavailable for nearly three years.
This discussion has been archived. No new comments can be posted.

After Microsoft Releases Patch for RPC Exploit: What the Honeypot Saw

Comments Filter:
  • I'm not sure if you'd see an exploit like this used on a directly connected PC per se, I would expect to see it infiltrate behind a firewall as part of another exploit.
    Phishing downloads a package on a corporate network, that starts exploiting the SMB vulnerability spreading to more systems.

    Maybe if they advertised "Honeypot here" to the Chinese or North Koreans they'd also get a hit just for shits and giggles.

  • No attack detected (Score:4, Interesting)

    by backslashdot ( 95548 ) on Saturday April 30, 2022 @12:57PM (#62492210)

    Since it was Microsoft, we can safely assume the hackers got around the exploit detection.

  • So an article written about how basically the internet was observed after an exploit.

    Some random boring Cricket connections. Nothing interesting to report on but somehow the article is here.

  • by 93 Escort Wagon ( 326346 ) on Saturday April 30, 2022 @01:30PM (#62492264)

    It's doubtful the author sees his byline while he's writing the story; and it's probably someone else's job to proof it afterward.

    Not to mention that just about no one cared about Google+ even when it even existed - so this may be the first time that link was ever clicked on...

  • The part that surprised me the most about Microsoft's response is that Windows 7 is still getting security updates for this issue.

    • Too many POS customers to ditch Win7 major security updates at this time. Can't just give the critical security updates only to the POSReady customers, or they'll get roasted (and rightly so.) They said they would stop supporting them October 12, 2021, but for all their many faults Microsoft does have a history of delivering some critical security updates well after operating systems have gone out of official support. If they burn their former customers hard enough, they won't want to be customers again.

  • if all you do is wait for someone else to update signatures.
  • So, if i get the patch.. I am not protected from the exploit, but i should get it anyways, because it provides protection from severe compromise?...

If money can't buy happiness, I guess you'll just have to rent it.

Working...