13 July 2022

Microsoft fixed zero-day vulnerability in Windows


Microsoft fixed zero-day vulnerability in Windows

On July 12, Microsoft issued regular monthly updates for its products. This time Redmond fixed 84 vulnerabilities, including a zero-day flaw which is already exploited by hackers.

CVE-2022-22047 (CVSS score 7.5) is a privilege escalation vulnerability in Windows. It exists due to a boundary error within the Microsoft Windows Client/Server Runtime Subsystem (CSRSS). An attacker who has the access to the target system can run a specially crafted program to execute arbitrary code with SYSTEM privileges.

The flaw was identified by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC). The tech giant didn’t provide any further details about this zero-day vulnerability. Any indicators of compromise (IOC) are not available either.

Other 83 vulnerabilities fixed during Patch Tuesday affect a range of Windows components, including Microsoft Office, BitLocker, Microsoft Defender, Windows Azure and Windows Windows Hyper-V. Four of them are labeled “critical”, the others are “important”.

32 vulnerabilities were fixed in Azure Site Recovery disaster recovery service alone. Using these flaws, threat actors can elevate their privileges on a target system or perform remote code execution.

Back to the list

Latest Posts

Cyber Security week in review: December 2, 2022

Cyber Security week in review: December 2, 2022

The world in brief: Samsung, LG, Mediatek certificates used to sign Android malware, researchers detail new exploit framework, and more.
2 December 2022
Security researchers unintentionally crash KmsdBot botnet

Security researchers unintentionally crash KmsdBot botnet

The malware lacked an error-checking mechanism, which allowed the researchers to deactivate it.
1 December 2022
New Heliconia framework exploits n-day flaws in Chrome, Firefox and Microsoft Defender

New Heliconia framework exploits n-day flaws in Chrome, Firefox and Microsoft Defender

The researchers have linked the framework to a Spain-based software company.
1 December 2022