Get ahead of software vulnerabilities in NGINX and Microsoft Windows SMB Remote Procedure Call service

Published Apr 14, 2022
by Charlie Eriksen
tl;dr?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.


When it comes to security and protecting your data, rapid responses to the latest development is critical. After all, hacks and threats can come at any time so it’s important to stay vigilant. Here at Secure Code Warrior, we strive to provide you with up to date information on the latest vulnerabilities, what steps to take to mitigate risk and how to protect your users. Just like with the recent announcements to help you with the Spring library vulnerabilities, we’re here to discuss 2 newly discovered vulnerabilities. 

Today we are focusing on 2 new vulnerabilities: first Microsoft’s Server Message Block known as “Windows RPC RCE” and second, NGINX known as “LDAP Reference Implementation.”

Read on to learn what we know about these vulnerabilities so far and what you can do to mitigate your risk. 

Microsoft Windows RPC RCE - CVE-2022-26809

During April’s Patch Tuesday, Microsoft disclosed a vulnerability in their Server Message Block (SMB) functionality, specifically the part handling RPCs. This may sound familiar to you, as the vulnerability is similar to CVE-2003-0352 - an exploitation used by the worm blaster all the way back in 2003! 

What is the level of risk and likelihood for exploitation?

Microsoft’s advisory has indicated that “Attack Complexity” is “Low”, and assessed exploitation risk to be “Exploitation More Likely”, the highest level in the absence of proven exploitation in the wild. 

Currently, there are no known exploitations but due to the low attack complexity and “more likely” exploitation assessment, there are concerns that malicious actors could quickly and easily take advantage through Blaster attacks.  

Researchers have identified a large number of hosts on the public internet with port 139/445 accessible, which is quite worrisome if large-scale exploration were to occur. 

What steps should users take to mitigate risk?

Luckily, mitigating the risk of being exploited by this vulnerability is relatively easy. 

  1. Ensure that you block access to port 139 and 445 from the internet and when access is needed, limit it to internal access only. You can find more details from Microsoft’s documentation here
  2. Apply the patches released by Microsoft on April 12th, 2022.

NGINX - LDAP Reference Implementation RCE

NGINX disclosed on April 11, 2022, a new vulnerability known as “LDAP Reference Implementation RCE” that allows for Remote Code Execution (RCE) on the system.

What is the vulnerability?

This vulnerability is unique because it does not affect code that is meant to be used in production or commonly sensitive systems. Rather, as “reference implementation” in the name indicates, the purpose of the code is to demonstrate how LDAP integration can work in an NGINX setup.

Who is at risk and what should you do to protect your code?

Fortunately,  NGINX is not vulnerable by default. The primary risk is when the LDAP extension is installed. Even then, multiple other conditions also need to be true for the vulnerability  to be exploitable. One action that we recommend taking is if you use the reference implementation, make sure to switch to using a production-ready implementation. 

For full details, check out the NGINX disclosure.

Vulnerabilities leaving you feeling exposed? We can help.

From today’s Windows RPC RCE and NGINX - LDAP Reference Implementation RCE to last month’s Spring vulnerabilities, it’s clear that software vulnerabilities are ever present. 

Most companies focus on rapid response strategies to mitigate risk to code and customers, but that has a reactive approach that while important can leave you at risk. We believe that a proactive strategy for building secure code, upskilling your developers, and creating a security focused culture is the best way to protect yourselves against threats. 

Emphasizing developer-driven security at the start of the software development lifecycle will lead to increased protection, more efficient code deployment, and saving you time and money.

Secure Code Warrior is here to help with our unique training platform that goes from educational content to hands-on applications of the new skills your team is learning.  

Discover how Secure Code Warrior learning platform can help train your developers in secure coding. 

View Resource

Want more?

Dive into onto our latest secure coding insights on the blog.

Our extensive resource library aims to empower the human approach to secure coding upskilling.

View Blog
Want more?

Get the latest research on developer-driven security

Our extensive resource library is full of helpful resources from whitepapers to webinars to get you started with developer-driven secure coding. Explore it now.

Resource Hub

Get ahead of software vulnerabilities in NGINX and Microsoft Windows SMB Remote Procedure Call service

Published Feb 03, 2023
By Charlie Eriksen


When it comes to security and protecting your data, rapid responses to the latest development is critical. After all, hacks and threats can come at any time so it’s important to stay vigilant. Here at Secure Code Warrior, we strive to provide you with up to date information on the latest vulnerabilities, what steps to take to mitigate risk and how to protect your users. Just like with the recent announcements to help you with the Spring library vulnerabilities, we’re here to discuss 2 newly discovered vulnerabilities. 

Today we are focusing on 2 new vulnerabilities: first Microsoft’s Server Message Block known as “Windows RPC RCE” and second, NGINX known as “LDAP Reference Implementation.”

Read on to learn what we know about these vulnerabilities so far and what you can do to mitigate your risk. 

Microsoft Windows RPC RCE - CVE-2022-26809

During April’s Patch Tuesday, Microsoft disclosed a vulnerability in their Server Message Block (SMB) functionality, specifically the part handling RPCs. This may sound familiar to you, as the vulnerability is similar to CVE-2003-0352 - an exploitation used by the worm blaster all the way back in 2003! 

What is the level of risk and likelihood for exploitation?

Microsoft’s advisory has indicated that “Attack Complexity” is “Low”, and assessed exploitation risk to be “Exploitation More Likely”, the highest level in the absence of proven exploitation in the wild. 

Currently, there are no known exploitations but due to the low attack complexity and “more likely” exploitation assessment, there are concerns that malicious actors could quickly and easily take advantage through Blaster attacks.  

Researchers have identified a large number of hosts on the public internet with port 139/445 accessible, which is quite worrisome if large-scale exploration were to occur. 

What steps should users take to mitigate risk?

Luckily, mitigating the risk of being exploited by this vulnerability is relatively easy. 

  1. Ensure that you block access to port 139 and 445 from the internet and when access is needed, limit it to internal access only. You can find more details from Microsoft’s documentation here
  2. Apply the patches released by Microsoft on April 12th, 2022.

NGINX - LDAP Reference Implementation RCE

NGINX disclosed on April 11, 2022, a new vulnerability known as “LDAP Reference Implementation RCE” that allows for Remote Code Execution (RCE) on the system.

What is the vulnerability?

This vulnerability is unique because it does not affect code that is meant to be used in production or commonly sensitive systems. Rather, as “reference implementation” in the name indicates, the purpose of the code is to demonstrate how LDAP integration can work in an NGINX setup.

Who is at risk and what should you do to protect your code?

Fortunately,  NGINX is not vulnerable by default. The primary risk is when the LDAP extension is installed. Even then, multiple other conditions also need to be true for the vulnerability  to be exploitable. One action that we recommend taking is if you use the reference implementation, make sure to switch to using a production-ready implementation. 

For full details, check out the NGINX disclosure.

Vulnerabilities leaving you feeling exposed? We can help.

From today’s Windows RPC RCE and NGINX - LDAP Reference Implementation RCE to last month’s Spring vulnerabilities, it’s clear that software vulnerabilities are ever present. 

Most companies focus on rapid response strategies to mitigate risk to code and customers, but that has a reactive approach that while important can leave you at risk. We believe that a proactive strategy for building secure code, upskilling your developers, and creating a security focused culture is the best way to protect yourselves against threats. 

Emphasizing developer-driven security at the start of the software development lifecycle will lead to increased protection, more efficient code deployment, and saving you time and money.

Secure Code Warrior is here to help with our unique training platform that goes from educational content to hands-on applications of the new skills your team is learning.  

Discover how Secure Code Warrior learning platform can help train your developers in secure coding. 

Enter your details to access the full report.

We would like your permission to send you information on our products and/or related secure coding topics. We’ll always treat your personal details with the utmost care and will never sell them to other companies for marketing purposes.

Oopsie daisy