CISA: Windows vulnerability CVE-2022-22047 must be patched by Aug. 2, 2022

Windows[German]U.S. Cyber Security Administration (CISA) has set a deadline of August 2, 2022 for U.S. institutions to fix the CVE-2022-22047 vulnerability, which is rated with a CVSS index of 7.8. This vulnerability in the Client Server Runtime Subsystem (CSRSS) affects virtually all versions of Windows and was fixed in the July 2022 updates.

The CVE-2022-22047 vulnerability

CVE-2022-22047 is an elevation of privilege vulnerability in the Client Server Runtime Subsystem (CSRSS). A (local) attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The vulnerability is already being exploited, according to Microsoft. Virtually all Windows versions (client and server) are affected:

The KB numbers indicate the relevant updates deployed as of July 12, 2022. .

CISA statement: Patch by August

The U.S. Cyber Security Administration has added the CVE-2022-22047 vulnerability to its list of bugs to patch (see the following tweet) and requires systems to be patched by August 2, 2022.

The Record has published some more assessments of this vulnerability by security researchers here.

Similar articles
Microsoft Office Updates (July 5, 2022)
Microsoft Security Update Summary (July 12, 2022)
Patchday: Windows 10-Updates (July 12 2022)
Patchday: Windows 11/Server 2022-Updates (July 12, 2022)
Windows 7/Server 2008R2; Windows 8.1/Server 2012R2: Updates (July 12 2022)
Patchday: Microsoft Office Updates (July 12, 2022)

Office updates destroys Access run time and apps
Windows 10: Microsoft expands "search highlights" in search area (May 19, 2022)
Microsoft July 2022 Patchday issues (Windows, Office)
Windows 10 21H2: Explorer /Taskbar issuses – a collision between Search Highlights and "HP Development Company, L.P. – Extension – 8.10.5.34686"

This entry was posted in Security, Update, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *