CISA orders agencies to patch new Windows zero-day vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has instructed organizations to fix an actively exploited zero-day vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS).

The bug, which is being tracked as CVE-2022-22047, affects server platforms as well as client Windows platforms, including the latest versions of Windows 11 and Windows Server 2022.

CISA has given agencies three weeks until August 2 to address the actively exploited CVE-2022-22047 vulnerability, which will help prevent ongoing attacks on their systems.

A binding operational directive (BOD 22-01) issued in November, requires all agencies of the Federal Civilian Executive Branch Agencies (FCEB) to protect their networks against security vulnerabilities that have been added to CISA’s catalog of Known Exploited Vulnerabilities (KEV).

While the directive applies only to U.S. federal agencies, CISA urges all organizations in the U.S. to fix the Windows CSRSS elevation of privilege bug to stop attempts by attackers.

According to Microsoft, the vulnerability has been discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

Microsoft patched the vulnerability as part of the July 2022 Patch Tuesday and classified it as a zero-day vulnerability because it was abused in attacks before a patch was available.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web