Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)
The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows' Client/Server Runtime Subsystem.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft noted, but the attacker must first gain access to the system, usually by exploiting a separate code execution bug.
Dustin Childs, with Trend Micro's Zero Day Initiative, says that CVE-2022-30216, a "Tampering" vulnerability in the Windows Server Service that may allow an authenticated attacker to upload a malicious certificate to a target server, should be patched quickly on critical servers.
Exploitation of CVE-2022-22029, an RCE in the Windows NFS service, and CVE-2022-22038, a Microsoft Remote Procedure Call runtime RCE, requires neither authentication nor user interaction.
Finally, this Patch Tuesday is also when Microsoft enterprise customers who opted in to Windows Autopatch will start testing the automated managed patching service.
"Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations. This means that an issue that may have an impact on your portfolio could be detected and resolved before ever reaching your estate. And as the service expands and grows, the ability to detect issues will get more robust," noted Lior Bela, Senior Product Marketing Manager for Microsoft Managed Desktop and Windows Autopatch on the Microsoft 365 team.
Source: https://www.helpnetsecurity.com/2022/07/12/cve-2022-22047/
Related vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS score) |
|---|---|---|---|
| 2022-07-12 | CVE-2022-30216 | Windows Server Service Tampering Vulnerability (Unrestricted Upload of File with Dangerous Type) | 8.8 |
| 2022-07-12 | CVE-2022-22047 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability (Untrusted Search Path) | 7.8 |
| 2022-07-12 | CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability (unspecified weakness) | 8.1 |
| 2022-07-12 | CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability (unspecified weakness) | 8.1 |