Microsoft releases patch for RCP vulnerability (why you need to act quickly)

Earlier this week, Microsoft released 117 security patches for April patch Tuesday, including CVE-2022-26809, a CVSS 9.8 rated vulnerability In Remote Procedure Call (RPC) that enables an attacker to send an RPC call to an RPC host and execute code on a remote server. 

 “It could allow an attacker to execute code with high privileges on an affected system,” said CrowdStrike Falcon Spotlight Team researchers in a recent blog post. “This vulnerability could be used for lateral movement by an attacker. We recommend that your team test and deploy this patch quickly as possible.” 

For enterprises, this vulnerability, if left unpatched, could leave Windows servers vulnerable to compromise and enable a hacker to breach internal systems without any authentication process. 

As a result, Microsoft recommends that enterprises take immediate action to block TCP 445 on their perimeter firewall to stop external attackers from leveraging the vulnerability and to follow Microsoft guidelines to secure SMB traffic with segmentation and isolation techniques. 

How to scale to manage CVE vulnerabilities 

While the RCP vulnerability may seem simple to patch and mitigate on the surface, historically, many organizations have struggled to deploy critical security patches until it’s too late. 

In fact, research shows that 61% of security vulnerabilities that exist in corporate networks are from 2016 or even older and hackers have used unpatched vulnerabilities to perpetrate some of the largest cyberattacks in history, including the WannaCry ransomware attack in 2017. 

One of the key reasons why organizations fail to deploy security patches is that there are too many to manage. In 2021 alone, there were 18,378 vulnerabilities reported with 3,646 high-risk vulnerabilities. 

With such a high number of vulnerabilities to mitigate, security teams struggle to scale if they don’t have access to a vulnerability management solution. 

These solutions are critical as security analysts not only need to have the ability to identify vulnerabilities that exist throughout the environment, they also need the capability to manage and prioritize them.

The vulnerability management market 

As more organizations find it difficult to keep up with the growing list of vulnerabilities, vulnerability management solutions aim to provide an automated solution for identifying and prioritizing the remediation of weaknesses throughout IT environments. 

These solutions are growing increasingly popular to the extent that researchers expect the global security and vulnerability management market, valued at $13.8 billion in 2020, to reach $18.7 billion by 2026 as more organizations look to automated solutions to manage and prioritize vulnerabilities at scale. 

One of the main providers in the market is Crowdstrike, which raised $1.45 billion in revenue last year and offers a vulnerability management platform called Falcon Spotlight.

Falcon Spotlight  provides enterprises with continuous vulnerability assessments throughout their environment, giving them the option to conduct real-time or historical scans and to filter by CVE vulnerabilities. 

Competitors such as Rapid7 with InsightVM, a solution that enables security teams to scan vulnerabilities existing across endpoints, cloud and virtualized infrastructure, with a real-time dashboard view of discovered vulnerabilities and step-by-step remediation guidance. 

Currently Rapid7 remains in a state of growth, reporting annual recurring revenue of $432.9 million, an increase of 28% year-on-year. 

As a tool, InsightVM aims to differentiate themselves from competitors by using depth of vulnerability reporting on types of hosts, OS data and discovered vulnerabilities, whereas CrowdStrike Falcon Spotlight puts more emphasis on endpoint protection, enabling users to automatically isolate high-risk endpoints.