Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)
The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows' Client/Server Runtime Subsystem.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft noted, but the attacker must first gain access to the system, usually by exploiting a separate code execution bug.
Dustin Childs, with Trend Micro's Zero Day Initiative, says that CVE-2022-30216, a "Tampering" vulnerability in the Windows Server Service that may allow an authenticated attacker to upload a malicious certificate to a target server, should be patched quickly on critical servers.
Exploitation of CVE-2022-22029, an RCE in the Windows NFS service, and CVE-2022-22038, a Microsoft Remote Procedure Call runtime RCE, requires neither authentication nor user interaction.
Finally, this Patch Tuesday is when Microsoft enterprise customers who opted to use Windows Autopatch will start testing the automated managed patching service.
"Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations. This means that an issue that may have an impact on your portfolio could be detected and resolved before ever reaching your estate. And as the service expands and grows, the ability to detect issues will get more robust," noted Lior Bela, Senior Product Marketing Manager for Microsoft Managed Desktop and Windows Autopatch on the Microsoft 365 team.
News URL
https://www.helpnetsecurity.com/2022/07/12/cve-2022-22047/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-30216 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products Windows Server Service Tampering Vulnerability | 0.0 |
2022-07-12 | CVE-2022-22047 | Untrusted Search Path vulnerability in Microsoft products Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 0.0 |
2022-07-12 | CVE-2022-22038 | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Remote Code Execution Vulnerability | 0.0 |
2022-07-12 | CVE-2022-22029 | Unspecified vulnerability in Microsoft products Windows Network File System Remote Code Execution Vulnerability | 0.0 |