The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS). “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted, but the attacker must first gain access to the system, usually by exploiting a separate code execution bug. Is it being used in widespread or targeted … More
The post Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047) appeared first on Help Net Security.