July 14, 2022

CISA has instructed organizations to fix an actively exploited zero-day vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS).

The bug, which is being tracked as CVE-2022-22047, affects server platforms as well as client Windows platforms, including the latest versions of Windows 11 and Windows Server 2022.

CISA has given agencies three weeks until August 2 to address the actively exploited CVE-2022-22047 vulnerability, which will help prevent ongoing attacks on their systems.

A binding operational directive (BOD 22-01) issued in November, requires all agencies of the Federal Civilian Executive Branch Agencies (FCEB) to protect their networks against security vulnerabilities that have been added to CISA’s catalog of Known Exploited Vulnerabilities (KEV).

While the directive applies only to U.S. federal agencies, CISA urges all organizations in the U.S. to fix the Windows CSRSS elevation of privilege bug to stop attempts by attackers.

According to Microsoft, the vulnerability has been discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

Microsoft patched the vulnerability as part of the July 2022 Patch Tuesday and classified it as a zero-day vulnerability because it was abused in attacks before a patch was available.

The sources for this piece include an article in BleepingComputer.