Microsoft published 117 security fixes for April Patch Tuesday, one of which addressed CVE-2022-26809, a CVSS 9.8-rated vulnerability.
In Remote Procedure Call (RPC), an attacker can submit an RPC request to an RPC host and execute code on the remote server. If left unpatched, this vulnerability might leave Windows servers exposed to compromise, allowing a hacker to infiltrate internal systems without requiring authentication.
As a result, Microsoft strongly advises businesses to immediately block TCP 445 on their perimeter firewall to prevent external attackers from exploiting the issue.