Blog

Get ahead of software vulnerabilities in NGINX and Microsoft Windows SMB Remote Procedure Call service

Charlie Eriksen
Published Apr 14, 2022


When it comes to security and protecting your data, rapid responses to the latest development is critical. After all, hacks and threats can come at any time so it’s important to stay vigilant. Here at Secure Code Warrior, we strive to provide you with up to date information on the latest vulnerabilities, what steps to take to mitigate risk and how to protect your users. Just like with the recent announcements to help you with the Spring library vulnerabilities, we’re here to discuss 2 newly discovered vulnerabilities. 

Today we are focusing on 2 new vulnerabilities: first Microsoft’s Server Message Block known as “Windows RPC RCE” and second, NGINX known as “LDAP Reference Implementation.”

Read on to learn what we know about these vulnerabilities so far and what you can do to mitigate your risk. 

Microsoft Windows RPC RCE - CVE-2022-26809

During April’s Patch Tuesday, Microsoft disclosed a vulnerability in their Server Message Block (SMB) functionality, specifically the part handling RPCs. This may sound familiar to you, as the vulnerability is similar to CVE-2003-0352 - an exploitation used by the worm blaster all the way back in 2003! 

What is the level of risk and likelihood for exploitation?

Microsoft’s advisory has indicated that “Attack Complexity” is “Low”, and assessed exploitation risk to be “Exploitation More Likely”, the highest level in the absence of proven exploitation in the wild. 

Currently, there are no known exploitations but due to the low attack complexity and “more likely” exploitation assessment, there are concerns that malicious actors could quickly and easily take advantage through Blaster attacks.  

Researchers have identified a large number of hosts on the public internet with port 139/445 accessible, which is quite worrisome if large-scale exploration were to occur. 

What steps should users take to mitigate risk?

Luckily, mitigating the risk of being exploited by this vulnerability is relatively easy. 

  1. Ensure that you block access to port 139 and 445 from the internet and when access is needed, limit it to internal access only. You can find more details from Microsoft’s documentation here
  2. Apply the patches released by Microsoft on April 12th, 2022.

NGINX - LDAP Reference Implementation RCE

NGINX disclosed on April 11, 2022, a new vulnerability known as “LDAP Reference Implementation RCE” that allows for Remote Code Execution (RCE) on the system.

What is the vulnerability?

This vulnerability is unique because it does not affect code that is meant to be used in production or commonly sensitive systems. Rather, as “reference implementation” in the name indicates, the purpose of the code is to demonstrate how LDAP integration can work in an NGINX setup.

Who is at risk and what should you do to protect your code?

Fortunately,  NGINX is not vulnerable by default. The primary risk is when the LDAP extension is installed. Even then, multiple other conditions also need to be true for the vulnerability  to be exploitable. One action that we recommend taking is if you use the reference implementation, make sure to switch to using a production-ready implementation. 

For full details, check out the NGINX disclosure.

Vulnerabilities leaving you feeling exposed? We can help.

From today’s Windows RPC RCE and NGINX - LDAP Reference Implementation RCE to last month’s Spring vulnerabilities, it’s clear that software vulnerabilities are ever present. 

Most companies focus on rapid response strategies to mitigate risk to code and customers, but that has a reactive approach that while important can leave you at risk. We believe that a proactive strategy for building secure code, upskilling your developers, and creating a security focused culture is the best way to protect yourselves against threats. 

Emphasizing developer-driven security at the start of the software development lifecycle will lead to increased protection, more efficient code deployment, and saving you time and money.

Secure Code Warrior is here to help with our unique training platform that goes from educational content to hands-on applications of the new skills your team is learning.  

Discover how Secure Code Warrior learning platform can help train your developers in secure coding. 

View Resource
View Resource

Recently, NGINX has disclosed a zero-day vulnerability. Around the same time, Microsoft has disclosed another critical vulnerability - Windows RPC RCE vulnerability. in this post, you can find out who's at risk of these two issues and how we can mitigate the risk.

Interested in more?

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demo
Share on:
Author
Charlie Eriksen
Published Apr 14, 2022

Share on:


When it comes to security and protecting your data, rapid responses to the latest development is critical. After all, hacks and threats can come at any time so it’s important to stay vigilant. Here at Secure Code Warrior, we strive to provide you with up to date information on the latest vulnerabilities, what steps to take to mitigate risk and how to protect your users. Just like with the recent announcements to help you with the Spring library vulnerabilities, we’re here to discuss 2 newly discovered vulnerabilities. 

Today we are focusing on 2 new vulnerabilities: first Microsoft’s Server Message Block known as “Windows RPC RCE” and second, NGINX known as “LDAP Reference Implementation.”

Read on to learn what we know about these vulnerabilities so far and what you can do to mitigate your risk. 

Microsoft Windows RPC RCE - CVE-2022-26809

During April’s Patch Tuesday, Microsoft disclosed a vulnerability in their Server Message Block (SMB) functionality, specifically the part handling RPCs. This may sound familiar to you, as the vulnerability is similar to CVE-2003-0352 - an exploitation used by the worm blaster all the way back in 2003! 

What is the level of risk and likelihood for exploitation?

Microsoft’s advisory has indicated that “Attack Complexity” is “Low”, and assessed exploitation risk to be “Exploitation More Likely”, the highest level in the absence of proven exploitation in the wild. 

Currently, there are no known exploitations but due to the low attack complexity and “more likely” exploitation assessment, there are concerns that malicious actors could quickly and easily take advantage through Blaster attacks.  

Researchers have identified a large number of hosts on the public internet with port 139/445 accessible, which is quite worrisome if large-scale exploration were to occur. 

What steps should users take to mitigate risk?

Luckily, mitigating the risk of being exploited by this vulnerability is relatively easy. 

  1. Ensure that you block access to port 139 and 445 from the internet and when access is needed, limit it to internal access only. You can find more details from Microsoft’s documentation here
  2. Apply the patches released by Microsoft on April 12th, 2022.

NGINX - LDAP Reference Implementation RCE

NGINX disclosed on April 11, 2022, a new vulnerability known as “LDAP Reference Implementation RCE” that allows for Remote Code Execution (RCE) on the system.

What is the vulnerability?

This vulnerability is unique because it does not affect code that is meant to be used in production or commonly sensitive systems. Rather, as “reference implementation” in the name indicates, the purpose of the code is to demonstrate how LDAP integration can work in an NGINX setup.

Who is at risk and what should you do to protect your code?

Fortunately,  NGINX is not vulnerable by default. The primary risk is when the LDAP extension is installed. Even then, multiple other conditions also need to be true for the vulnerability  to be exploitable. One action that we recommend taking is if you use the reference implementation, make sure to switch to using a production-ready implementation. 

For full details, check out the NGINX disclosure.

Vulnerabilities leaving you feeling exposed? We can help.

From today’s Windows RPC RCE and NGINX - LDAP Reference Implementation RCE to last month’s Spring vulnerabilities, it’s clear that software vulnerabilities are ever present. 

Most companies focus on rapid response strategies to mitigate risk to code and customers, but that has a reactive approach that while important can leave you at risk. We believe that a proactive strategy for building secure code, upskilling your developers, and creating a security focused culture is the best way to protect yourselves against threats. 

Emphasizing developer-driven security at the start of the software development lifecycle will lead to increased protection, more efficient code deployment, and saving you time and money.

Secure Code Warrior is here to help with our unique training platform that goes from educational content to hands-on applications of the new skills your team is learning.  

Discover how Secure Code Warrior learning platform can help train your developers in secure coding. 

View Resource
View Resource

Fill out the form below to download the report

We would like your permission to send you information on our products and/or related secure coding topics. We’ll always treat your personal details with the utmost care and will never sell them to other companies for marketing purposes.

Submit
To submit the form, please enable 'Analytics' cookies. Feel free to disable them again once you're done.


When it comes to security and protecting your data, rapid responses to the latest development is critical. After all, hacks and threats can come at any time so it’s important to stay vigilant. Here at Secure Code Warrior, we strive to provide you with up to date information on the latest vulnerabilities, what steps to take to mitigate risk and how to protect your users. Just like with the recent announcements to help you with the Spring library vulnerabilities, we’re here to discuss 2 newly discovered vulnerabilities. 

Today we are focusing on 2 new vulnerabilities: first Microsoft’s Server Message Block known as “Windows RPC RCE” and second, NGINX known as “LDAP Reference Implementation.”

Read on to learn what we know about these vulnerabilities so far and what you can do to mitigate your risk. 

Microsoft Windows RPC RCE - CVE-2022-26809

During April’s Patch Tuesday, Microsoft disclosed a vulnerability in their Server Message Block (SMB) functionality, specifically the part handling RPCs. This may sound familiar to you, as the vulnerability is similar to CVE-2003-0352 - an exploitation used by the worm blaster all the way back in 2003! 

What is the level of risk and likelihood for exploitation?

Microsoft’s advisory has indicated that “Attack Complexity” is “Low”, and assessed exploitation risk to be “Exploitation More Likely”, the highest level in the absence of proven exploitation in the wild. 

Currently, there are no known exploitations but due to the low attack complexity and “more likely” exploitation assessment, there are concerns that malicious actors could quickly and easily take advantage through Blaster attacks.  

Researchers have identified a large number of hosts on the public internet with port 139/445 accessible, which is quite worrisome if large-scale exploration were to occur. 

What steps should users take to mitigate risk?

Luckily, mitigating the risk of being exploited by this vulnerability is relatively easy. 

  1. Ensure that you block access to port 139 and 445 from the internet and when access is needed, limit it to internal access only. You can find more details from Microsoft’s documentation here
  2. Apply the patches released by Microsoft on April 12th, 2022.

NGINX - LDAP Reference Implementation RCE

NGINX disclosed on April 11, 2022, a new vulnerability known as “LDAP Reference Implementation RCE” that allows for Remote Code Execution (RCE) on the system.

What is the vulnerability?

This vulnerability is unique because it does not affect code that is meant to be used in production or commonly sensitive systems. Rather, as “reference implementation” in the name indicates, the purpose of the code is to demonstrate how LDAP integration can work in an NGINX setup.

Who is at risk and what should you do to protect your code?

Fortunately,  NGINX is not vulnerable by default. The primary risk is when the LDAP extension is installed. Even then, multiple other conditions also need to be true for the vulnerability  to be exploitable. One action that we recommend taking is if you use the reference implementation, make sure to switch to using a production-ready implementation. 

For full details, check out the NGINX disclosure.

Vulnerabilities leaving you feeling exposed? We can help.

From today’s Windows RPC RCE and NGINX - LDAP Reference Implementation RCE to last month’s Spring vulnerabilities, it’s clear that software vulnerabilities are ever present. 

Most companies focus on rapid response strategies to mitigate risk to code and customers, but that has a reactive approach that while important can leave you at risk. We believe that a proactive strategy for building secure code, upskilling your developers, and creating a security focused culture is the best way to protect yourselves against threats. 

Emphasizing developer-driven security at the start of the software development lifecycle will lead to increased protection, more efficient code deployment, and saving you time and money.

Secure Code Warrior is here to help with our unique training platform that goes from educational content to hands-on applications of the new skills your team is learning.  

Discover how Secure Code Warrior learning platform can help train your developers in secure coding. 

Interested in more?

Click on the link below and download the PDF of this one pager.

Download

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

View reportBook a demo
Share on:
Interested in more?

Share on:
Author
Charlie Eriksen
Published Apr 14, 2022

Share on:


When it comes to security and protecting your data, rapid responses to the latest development is critical. After all, hacks and threats can come at any time so it’s important to stay vigilant. Here at Secure Code Warrior, we strive to provide you with up to date information on the latest vulnerabilities, what steps to take to mitigate risk and how to protect your users. Just like with the recent announcements to help you with the Spring library vulnerabilities, we’re here to discuss 2 newly discovered vulnerabilities. 

Today we are focusing on 2 new vulnerabilities: first Microsoft’s Server Message Block known as “Windows RPC RCE” and second, NGINX known as “LDAP Reference Implementation.”

Read on to learn what we know about these vulnerabilities so far and what you can do to mitigate your risk. 

Microsoft Windows RPC RCE - CVE-2022-26809

During April’s Patch Tuesday, Microsoft disclosed a vulnerability in their Server Message Block (SMB) functionality, specifically the part handling RPCs. This may sound familiar to you, as the vulnerability is similar to CVE-2003-0352 - an exploitation used by the worm blaster all the way back in 2003! 

What is the level of risk and likelihood for exploitation?

Microsoft’s advisory has indicated that “Attack Complexity” is “Low”, and assessed exploitation risk to be “Exploitation More Likely”, the highest level in the absence of proven exploitation in the wild. 

Currently, there are no known exploitations but due to the low attack complexity and “more likely” exploitation assessment, there are concerns that malicious actors could quickly and easily take advantage through Blaster attacks.  

Researchers have identified a large number of hosts on the public internet with port 139/445 accessible, which is quite worrisome if large-scale exploration were to occur. 

What steps should users take to mitigate risk?

Luckily, mitigating the risk of being exploited by this vulnerability is relatively easy. 

  1. Ensure that you block access to port 139 and 445 from the internet and when access is needed, limit it to internal access only. You can find more details from Microsoft’s documentation here
  2. Apply the patches released by Microsoft on April 12th, 2022.

NGINX - LDAP Reference Implementation RCE

NGINX disclosed on April 11, 2022, a new vulnerability known as “LDAP Reference Implementation RCE” that allows for Remote Code Execution (RCE) on the system.

What is the vulnerability?

This vulnerability is unique because it does not affect code that is meant to be used in production or commonly sensitive systems. Rather, as “reference implementation” in the name indicates, the purpose of the code is to demonstrate how LDAP integration can work in an NGINX setup.

Who is at risk and what should you do to protect your code?

Fortunately,  NGINX is not vulnerable by default. The primary risk is when the LDAP extension is installed. Even then, multiple other conditions also need to be true for the vulnerability  to be exploitable. One action that we recommend taking is if you use the reference implementation, make sure to switch to using a production-ready implementation. 

For full details, check out the NGINX disclosure.

Vulnerabilities leaving you feeling exposed? We can help.

From today’s Windows RPC RCE and NGINX - LDAP Reference Implementation RCE to last month’s Spring vulnerabilities, it’s clear that software vulnerabilities are ever present. 

Most companies focus on rapid response strategies to mitigate risk to code and customers, but that has a reactive approach that while important can leave you at risk. We believe that a proactive strategy for building secure code, upskilling your developers, and creating a security focused culture is the best way to protect yourselves against threats. 

Emphasizing developer-driven security at the start of the software development lifecycle will lead to increased protection, more efficient code deployment, and saving you time and money.

Secure Code Warrior is here to help with our unique training platform that goes from educational content to hands-on applications of the new skills your team is learning.  

Discover how Secure Code Warrior learning platform can help train your developers in secure coding. 

Table of contents

View Resource
Interested in more?

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demoDownload
Share on:
Resource hub

Resources to get you started

More posts
Resource hub

Resources to get you started

More posts