Security News > 2022 > July > Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)
The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows' Client/Server Runtime Subsystem.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft noted, but the attacker must first gain access to the system, usually by exploiting a separate code execution bug.
Dustin Childs, with Trend Micro's Zero Day Initiative, says that CVE-2022-30216, a "Tampering" vulnerability in the Windows Server Service that may allow an authenticated attacker to upload a malicious certificate to a target server, should be patched quickly on critical servers.
Exploitation of CVE-2022-22029, a RCE in the Windows NFS service, and CVE-2022-22038, a Microsoft Remote Procedure Call runtime RCE, doesn't hinge on the attacker being authenticated nor on user interaction.
Finally, it has to be mentioned that this Patch Tuesday is when Microsoft enterprise customers who opted for using Windows Autopatch will start testing the automated managed patching service.
"Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations. This means that an issue that may have an impact on your portfolio could be detected and resolved before ever reaching your estate. And as the service expands and grows, the ability to detect issues will get more robust," noted Lior Bela, Senior Product Marketing Manager for Microsoft Managed Desktop and Windows Autopatch on the Microsoft 365 team.
News URL
https://www.helpnetsecurity.com/2022/07/12/cve-2022-22047/
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft to remove the Location History feature in Windows (source)
- Microsoft testing fix for Windows 11 bug breaking SSH connections (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-12 | CVE-2022-30216 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products Windows Server Service Tampering Vulnerability | 0.0 |
| 2022-07-12 | CVE-2022-22047 | Untrusted Search Path vulnerability in Microsoft products Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 0.0 |
| 2022-07-12 | CVE-2022-22038 | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Remote Code Execution Vulnerability | 0.0 |
| 2022-07-12 | CVE-2022-22029 | Unspecified vulnerability in Microsoft products Windows Network File System Remote Code Execution Vulnerability | 0.0 |