RPC Runtime, Take Two: Discovering a New Vulnerability

Akamai·Ben Barnea·about 1 month ago

Executive Summary

Akamai researcher Ben Barnea found an important vulnerability in the Remote Procedure Call (RPC) runtime library: CVE-2022-22019, with a base score of 8.8.

The new vulnerability takes advantage of an integer overflow that was previously reported to Microsoft and patched in April 2022.

The new vulnerability has been addressed in Microsoft’s May Patch Tuesday.

Alongside Microsoft’s previous list of mitigations, we recommend patching swiftly and using network segmentation to limit the exploitation of these vulnerabilities for lateral movement.

Introduction

On April 12, 2022, Microsoft released patches for three vulnerabilities in the Remote Procedure Call (RPC) runtime library (rpcrt4.dll). These vulnerabilities were assigned the following CVEs: CVE-2022-26809, CVE-2022-24492 and CVE-2022-24528. Affected operating systems are Windows 7, 8, 10, and 11, and Windows Server 2008, 2012, 2019, and 2022.…
