CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2
2022-07-18 12:19

A Windows 11 vulnerability, part of Microsoft's Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to advise that the elevation-of-privilege flaw be patched by August 2.

The recommendation is directed at federal agencies and concerns CVE-2022-22047, a vulnerability rated high on the CVSS scale that exposes the Windows Client Server Runtime Subsystem (CSRSS), used in Windows 11 and also in Windows Server 2022, to attack.

The CSRSS bug is an elevation-of-privilege vulnerability that allows an adversary who already has a foothold on the targeted system, running as an unprivileged user, to execute code with elevated privileges.

When the bug was first reported by Microsoft's own security team earlier this month, it was classified as a zero-day, that is, a known bug for which no patch was available.

In a bulletin, researchers explain that the rating was downgraded because an adversary needs "Local" (or physical) access to the targeted system to exploit the bug, and because a patch is now available.

CISA added the Microsoft bug to its running list of known exploited vulnerabilities on July 7 and recommends simply, "Apply updates per vendor instructions".

News URL

https://threatpost.com/cisa-urges-patch-11-bug/180235/

Related Vulnerability

DATE       | CVE            | VULNERABILITY TITLE                                                                                                                               | RISK
2022-07-12 | CVE-2022-22047 | Untrusted Search Path vulnerability in Microsoft products (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability) | local attack vector, low complexity, vendor: microsoft, CWE-426, CVSS 7.8