CVE-2022-26936 Windows Server Service Information Disclosure Vulnerability.

This vulnerability allows attackers to obtain information about the vulnerable service. Attackers can perform reconnaissance on target networks by identifying and accessing services that are running on networked-attached devices and collecting service-related data. In certain situations, this information can be used to launch further attacks against the network. The information that can be obtained from a vulnerable service depends on the type of service and the version of the service

Vulnerability details

This vulnerability allows attackers to obtain information about the vulnerable service. Attackers can perform reconnaissance on target networks by identifying and accessing services that are running on networked-attached devices and collecting service-related data. In certain situations, this information can be used to launch further attacks against the network. The information that can be obtained from a vulnerable service depends on the type of service and the version of the service.
This vulnerability is located in Microsoft Windows Server 2008 R2, which is responsible for providing DHCP services.

Discovery and Mitigation of CVE-2022-26936

One possible way to discover and mitigate the vulnerability is to use a Vulnerability Scanning tool. For example, you can use OpenVAS to detect vulnerable hosts. You can also identify affected devices by monitoring network traffic for SSL/TLS handshakes on port 443 or 6443. To find which devices are affected, you might need to monitor both secured and unsecured traffic. Another approach is to deploy an Intrusion Detection System (IDS). This will make it easier to identify hosts that have been compromised and then proactively take actions against those hosts.

Internet Protocol Address

The Internet Protocol Address is a numerical label assigned in the Internet Protocol suite that identifies a network interface on a computer, mobile device, or other connected device.
This vulnerability affects all versions of Windows 10, 8, and 7.

Overview

This vulnerability is a new variant of CVE-2016-7623, which was reported to Android. This vulnerability allows attackers to obtain information about the vulnerable service. Attackers can perform reconnaissance on target networks by identifying and accessing services that are running on networked-attached devices and collecting service-related data. In certain situations, this information can be used to launch further attacks against the network. The information that can be obtained from a vulnerable service depends on the type of service and the version of the service.

Timeline

Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/19/2022 16:51:00 UTC

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26936
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26936