The Cyber Security Administration of USA (CISA, from Cyber Security Administration) has set August 2, 2022 as the deadline for US institutions to fix the CVE-2022-22047 vulnerability, which is rated with a CVSS score of 7.8.
This vulnerability in the Client Server Runtime Subsystem (CSRSS) affects almost all versions of Windows and was fixed with the July 2022 updates.
The vulnerability CVE-2022-22047
CVE-2022-22047 is an elevation of privilege vulnerability in the Client Server Runtime Subsystem (CSRSS). A local attacker who exploits the vulnerability could gain SYSTEM privileges. According to Microsoft, the vulnerability is already being exploited, and almost all versions of Windows (client and server) are affected:
Windows Server 2012/R2: KB5015874 Monthly Rollup
Windows Server 2012/R2: KB5015877 Security only
Windows Server 2012: KB5015863 Monthly Rollup
Windows Server 2012: KB5015875 Security only
Windows Server 2008 R2 SP1: KB5015861 Monthly Rollup
Windows Server 2008 R2 SP1: KB5015862 Security only
Windows Server 2008 SP2: KB5015866 Monthly Rollup
Windows Server 2008 SP2: KB5015870 Security only
Windows RT 8.1: KB5015874 Monthly Rollup
Windows 8.1: KB5015874 Monthly Rollup
Windows 8.1: KB5015877 Security only
Windows 7 SP1: KB5015861 Monthly Rollup
Windows 7 SP1: KB5015862 Security only
Windows Server 2016: KB5015808
Windows 10: KB5015832
Windows 10 Version 21H2: KB5015807
Windows 11: KB5015814
Windows Server 2022: KB5015827
Windows Server 2019: KB5015811
Windows 10 Version 1809: KB5015811
The KB numbers indicate the relevant updates that have been released since July 12, 2022.
The CISA statement: Patch by August
CISA adds Windows bug to exploited list, urges agencies to patch by August 2 – The Record by Recorded Future https://t.co/nfP1IRlLEH
— Sami Laiho (@samilaiho) July 17, 2022
The US Cybersecurity Administration has added the CVE-2022-22047 vulnerability to its list of bugs to be patched and requires systems to be patched by August 2, 2022.