CISA Orders Agencies To Patch New Windows Zero-day Vulnerability

July 14, 2022

CISA has instructed organizations to fix an actively exploited zero-day vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS).

The bug, which is being tracked as CVE-2022-22047, affects server platforms as well as client Windows platforms, including the latest versions of Windows 11 and Windows Server 2022.

CISA has given agencies three weeks until August 2 to address the actively exploited CVE-2022-22047 vulnerability, which will help prevent ongoing attacks on their systems.

A binding operational directive (BOD 22-01) issued in November, requires all agencies of the Federal Civilian Executive Branch Agencies (FCEB) to protect their networks against security vulnerabilities that have been added to CISA’s catalog of Known Exploited Vulnerabilities (KEV).

While the directive applies only to U.S. federal agencies, CISA urges all organizations in the U.S. to fix the Windows CSRSS elevation of privilege bug to stop attempts by attackers.

According to Microsoft, the vulnerability has been discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

Microsoft patched the vulnerability as part of the July 2022 Patch Tuesday and classified it as a zero-day vulnerability because it was abused in attacks before a patch was available.

The sources for this piece include an article in BleepingComputer.

Top Stories

Related Articles

June 26, 2026 Ford Motor Co. turned to veteran engineers to tackle persistent vehicle quality problems after finding that artificial more...

June 26, 2026 Meta's chief technology officer says employee morale has fallen to one of the lowest levels in the more...

June 26, 2026 Memory chip maker Micron says it has signed 16 long-term strategic customer agreements that include price floors more...

June 26, 2026 IBM says it has developed the world's first functional sub-1 nanometre computer chip, marking what the company more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn