CISA Orders Agencies To Patch New Windows Zero-day Vulnerability

Share post:

CISA has instructed organizations to fix an actively exploited zero-day vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS).

The bug, which is being tracked as CVE-2022-22047, affects server platforms as well as client Windows platforms, including the latest versions of Windows 11 and Windows Server 2022.

CISA has given agencies three weeks until August 2 to address the actively exploited CVE-2022-22047 vulnerability, which will help prevent ongoing attacks on their systems.

A binding operational directive (BOD 22-01) issued in November, requires all agencies of the Federal Civilian Executive Branch Agencies (FCEB) to protect their networks against security vulnerabilities that have been added to CISA’s catalog of Known Exploited Vulnerabilities (KEV).

While the directive applies only to U.S. federal agencies, CISA urges all organizations in the U.S. to fix the Windows CSRSS elevation of privilege bug to stop attempts by attackers.

According to Microsoft, the vulnerability has been discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

Microsoft patched the vulnerability as part of the July 2022 Patch Tuesday and classified it as a zero-day vulnerability because it was abused in attacks before a patch was available.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Intel CEO Pat Gelsinger Retires Amid Record Losses and Ongoing Restructuring

Intel CEO Pat Gelsinger has announced his retirement effective December 1, marking the end of a challenging tenure...

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways