Secure Code Warrior

Get ahead of software vulnerabilities in NGINX and Microsoft Windows SMB Remote Procedure Call service

NGINX recently disclosed a zero-day vulnerability. Around the same time, Microsoft disclosed another critical vulnerability: the Windows RPC RCE vulnerability. In this post, you can find out who is at risk from these two issues and how to mitigate that risk.

When it comes to security and protecting your data, rapid response to the latest developments is critical. After all, hacks and threats can come at any time, so it’s important to stay vigilant. Here at Secure Code Warrior, we strive to provide you with up-to-date information on the latest vulnerabilities, the steps to take to mitigate risk, and how to protect your users. Just as with our recent announcements about the Spring library vulnerabilities, we’re here to discuss two newly discovered vulnerabilities.

Today we are focusing on two new vulnerabilities: first, one in Microsoft’s Server Message Block, known as “Windows RPC RCE”, and second, one in NGINX, known as “LDAP Reference Implementation”.

Read on to learn what we know about these vulnerabilities so far and what you can do to mitigate your risk. 

Microsoft Windows RPC RCE - CVE-2022-26809

During April’s Patch Tuesday, Microsoft disclosed a vulnerability in their Server Message Block (SMB) functionality, specifically the part handling RPCs. This may sound familiar to you, as the vulnerability is similar to CVE-2003-0352, a vulnerability exploited by the Blaster worm all the way back in 2003!

What is the level of risk and likelihood for exploitation?

Microsoft’s advisory indicates that “Attack Complexity” is “Low” and assesses the exploitation risk as “Exploitation More Likely”, the highest level in the absence of proven exploitation in the wild.

Currently, there is no known exploitation, but given the low attack complexity and the “more likely” exploitation assessment, there are concerns that malicious actors could quickly and easily take advantage through Blaster attacks.

Researchers have identified a large number of hosts on the public internet with ports 139/445 accessible, which is quite worrisome if large-scale exploitation were to occur.

What steps should users take to mitigate risk?

Luckily, mitigating the risk of being exploited by this vulnerability is relatively easy. 

  1. Ensure that you block access to ports 139 and 445 from the internet and, when access is needed, limit it to internal access only. You can find more details in Microsoft’s documentation.
  2. Apply the patches released by Microsoft on April 12th, 2022.
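
One way to check the first step against an exported firewall rule set, as an added example that is not from the original post or from Microsoft. The rule fields, the sample rules (constructed) and the definition of "internal" as RFC 1918 private ranges plus loopback are assumptions.

```python
import ipaddress

SMB_PORTS = {139, 445}  # the ports the post says to block from the internet
# Assumption: "internal" means RFC 1918 private IPv4 space or loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def ports_in_spec(spec):
    """Return the SMB ports covered by 'any', '445', '135-139' or '80,443,445'."""
    if spec.strip().lower() == "any":
        return set(SMB_PORTS)
    hit = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        hit |= {p for p in SMB_PORTS if lo <= p <= hi}
    return hit

def source_is_internal(source):
    """True only if the whole source range lies inside one internal network.
    IPv6 sources never match the IPv4 list, so they count as external."""
    if source.strip().lower() == "any":
        return False
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == n.version and net.subnet_of(n) for n in INTERNAL_NETS)

def audit(rules):
    """List (rule name, exposed ports) for inbound allow rules opening 139/445 to non-internal sources."""
    findings = []
    for r in rules:
        if (r["direction"], r["action"]) != ("in", "allow") or r["protocol"].lower() not in ("tcp", "any"):
            continue
        exposed = ports_in_spec(r["ports"])
        if exposed and not source_is_internal(r["source"]):
            findings.append((r["name"], sorted(exposed)))
    return findings

# Constructed sample rules, not taken from any real system.
FIELDS = ("name", "direction", "action", "protocol", "ports", "source")
SAMPLE_RULES = [dict(zip(FIELDS, row)) for row in [
    ("smb-lan",   "in", "allow", "tcp", "445",     "10.20.0.0/16"),
    ("smb-world", "in", "allow", "tcp", "139,445", "0.0.0.0/0"),
    ("low-ports", "in", "allow", "tcp", "1-1024",  "any"),
    ("wide-cidr", "in", "allow", "tcp", "445",     "172.0.0.0/8"),  # wider than 172.16.0.0/12
    ("web",       "in", "allow", "tcp", "80,443",  "any"),
    ("smb-deny",  "in", "deny",  "tcp", "445",     "any"),
]]

for name, ports in audit(SAMPLE_RULES):
    print(f"{name}: inbound {ports} reachable from non-internal sources")
```

Rules that hide the SMB ports inside a wide port range or a CIDR only partly inside private space are flagged along with the obvious "any source" case.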

NGINX - LDAP Reference Implementation RCE

NGINX disclosed on April 11, 2022, a new vulnerability known as “LDAP Reference Implementation RCE” that allows for Remote Code Execution (RCE) on the system.

What is the vulnerability?

This vulnerability is unique because it does not affect code that is meant to be used in production or commonly sensitive systems. Rather, as “reference implementation” in the name indicates, the purpose of the code is to demonstrate how LDAP integration can work in an NGINX setup.

Who is at risk and what should you do to protect your code?

Fortunately, NGINX is not vulnerable by default. The primary risk is when the LDAP extension is installed. Even then, multiple other conditions also need to be true for the vulnerability to be exploitable. If you use the reference implementation, we recommend switching to a production-ready implementation.

For full details, check out the NGINX disclosure.

Vulnerabilities leaving you feeling exposed? We can help.

From today’s Windows RPC RCE and NGINX - LDAP Reference Implementation RCE to last month’s Spring vulnerabilities, it’s clear that software vulnerabilities are ever present. 

Most companies focus on rapid response strategies to mitigate risk to code and customers, but that is a reactive approach that, while important, can leave you at risk. We believe that a proactive strategy for building secure code, upskilling your developers, and creating a security-focused culture is the best way to protect yourselves against threats.

Emphasizing developer-driven security at the start of the software development lifecycle will lead to increased protection and more efficient code deployment, and will save you time and money.

Secure Code Warrior is here to help with our unique training platform that goes from educational content to hands-on applications of the new skills your team is learning.  

Discover how the Secure Code Warrior learning platform can help train your developers in secure coding.