“Microsoft Remote Procedure Call Runtime vulnerability (CVE-2022-26809)”

Version 1

Last updated: 04/16/2022, 16:00 AM EET           


As part of April 2022 Patch Tuesday Microsoft released a fix to a critical vulnerability on Windows Remote Procedure Call Runtime (CVE-2022-26809). Information available on this Microsoft implementation vulnerability has been extremely limited and thus its applicability to M-Files cannot be either confirmed or excluded.

M-Files Security strongly urges all on-premise and self-hosting customers to review guidelines provided by Microsoft and to apply appropriate mitigation. M-Files shall patch the Cloud environments as soon as reasonably possible.

Our Security team is constantly monitoring and analyzing available information and shall keep you notified should we have additional details to share.


Related external links:

Microsoft guidance: CVE-2022-26809 – Security Update Guide – Microsoft – Remote Procedure Call Runtime Remote Code Execution Vulnerability

MITRE: CVE – CVE-2022-26809 (mitre.org)

Best regards,

M-Files Security