Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)

The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows' Client/Server Runtime Subsystem.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft noted, but the attacker must first gain access to the system, usually by exploiting a separate code execution bug.
Dustin Childs, with Trend Micro's Zero Day Initiative, says that CVE-2022-30216, a "Tampering" vulnerability in the Windows Server Service that may allow an authenticated attacker to upload a malicious certificate to a target server, should be patched quickly on critical servers.
Exploitation of CVE-2022-22029, an RCE in the Windows NFS service, and CVE-2022-22038, a Microsoft Remote Procedure Call runtime RCE, requires neither that the attacker be authenticated nor any user interaction.
Finally, this Patch Tuesday is when Microsoft enterprise customers who opted to use Windows Autopatch will start testing the automated managed patching service.
"Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations. This means that an issue that may have an impact on your portfolio could be detected and resolved before ever reaching your estate. And as the service expands and grows, the ability to detect issues will get more robust," noted Lior Bela, Senior Product Marketing Manager for Microsoft Managed Desktop and Windows Autopatch on the Microsoft 365 team.
News URL
https://www.helpnetsecurity.com/2022/07/12/cve-2022-22047/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-30216 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products: Windows Server Service Tampering Vulnerability | 0.0 |
2022-07-12 | CVE-2022-22047 | Untrusted Search Path vulnerability in Microsoft products: Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 0.0 |
2022-07-12 | CVE-2022-22038 | Unspecified vulnerability in Microsoft products: Remote Procedure Call Runtime Remote Code Execution Vulnerability | 0.0 |
2022-07-12 | CVE-2022-22029 | Unspecified vulnerability in Microsoft products: Windows Network File System Remote Code Execution Vulnerability | 0.0 |