The U.S. Cyber Security Administration (CISA) has set a deadline of August 2, 2022 for U.S. institutions to fix the CVE-2022-22047 vulnerability, which has a CVSS score of 7.8. This vulnerability in the Client Server Runtime Subsystem (CSRSS) affects virtually all versions of Windows and was fixed in the July 2022 updates.
The CVE-2022-22047 vulnerability
CVE-2022-22047 is an elevation of privilege vulnerability in the Client Server Runtime Subsystem (CSRSS). A (local) attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The vulnerability is already being exploited, according to Microsoft. Virtually all Windows versions (client and server) are affected:
- Windows Server 2012/R2: KB5015874 Monthly Rollup
- Windows Server 2012/R2: KB5015877 Security only
- Windows Server 2012: KB5015863 Monthly Rollup
- Windows Server 2012: KB5015875 Security only
- Windows Server 2008 R2 SP1: KB5015861 Monthly Rollup
- Windows Server 2008 R2 SP1: KB5015862 Security only
- Windows Server 2008 SP2: KB5015866 Monthly Rollup
- Windows Server 2008 SP2: KB5015870 Security only
- Windows RT 8.1: KB5015874 Monthly Rollup
- Windows 8.1: KB5015874 Monthly Rollup
- Windows 8.1: KB5015877 Security only
- Windows 7 SP1: KB5015861 Monthly Rollup
- Windows 7 SP1: KB5015862 Security only
- Windows Server 2016: KB5015808
- Windows 10: KB5015832
- Windows 10 Version 21H2: KB5015807
- Windows 11: KB5015814
- Windows Server 2022: KB5015827
- Windows Server 2019: KB5015811
- Windows 10 Version 1809: KB5015811
The KB numbers indicate the relevant updates deployed as of July 12, 2022.
CISA statement: Patch by August
The U.S. Cyber Security Administration has added the CVE-2022-22047 vulnerability to its list of bugs to patch (see the following tweet) and requires systems to be patched by August 2, 2022.
The Record has published some more assessments of this vulnerability by security researchers here.