On July 12, Microsoft issued its regular monthly updates for its products. This time Redmond fixed 84 vulnerabilities, including a zero-day flaw that is already being exploited by hackers.
CVE-2022-22047 (CVSS score 7.5) is a privilege escalation vulnerability in Windows. It exists due to a boundary error within the Microsoft Windows Client/Server Runtime Subsystem (CSRSS). An attacker who has access to the target system can run a specially crafted program to execute arbitrary code with SYSTEM privileges.
The flaw was identified by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC). The tech giant didn’t provide any further details about this zero-day vulnerability. No indicators of compromise (IOCs) are available either.
The other 83 vulnerabilities fixed during Patch Tuesday affect a range of Windows components, including Microsoft Office, BitLocker, Microsoft Defender, Windows Azure and Windows Hyper-V. Four of them are labeled “critical”; the others are “important”.
32 vulnerabilities were fixed in the Azure Site Recovery disaster recovery service alone. Using these flaws, threat actors can elevate their privileges on a target system or perform remote code execution.