Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)


The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS).

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted, but the attacker must first gain access to the system, usually by exploiting a separate code execution bug.

Is it being used in widespread or targeted attacks? Microsoft doesn’t say, so it’s difficult for admins to judge whether they should apply the provided patch sooner rather than later. In the absence of such information, they should probably apply it promptly, just in case.