Jul 2022: Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2022-22047 Published on July 12, 2022
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Known Exploited Vulnerability
This Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows CSRSS contains an unspecified vulnerability which allows for privilege escalation to SYSTEM privileges.
The following remediation steps are recommended / required by August 2, 2022: Apply updates per vendor instructions.
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2022-22047 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2022-22047
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-22047 are published in these products:
Affected Versions
Microsoft Windows 10 Version 1809:- Version 10.0.17763.0 and below 10.0.17763.3165 is affected.
- Version 10.0.0 and below 10.0.17763.3165 is affected.
- Version 10.0.17763.0 and below 10.0.17763.3165 is affected.
- Version 10.0.17763.0 and below 10.0.17763.3165 is affected.
- Version 10.0.0 and below 10.0.19043.1826 is affected.
- Version 10.0.20348.0 and below 10.0.20348.825 is affected.
- Version 10.0.0 and below 10.0.19042.1826 is affected.
- Version 10.0.0 and below 10.0.19042.1826 is affected.
- Version 10.0.0 and below 10.0.22000.795 is affected.
- Version 10.0.19043.0 and below 10.0.19044.1826 is affected.
- Version 10.0.10240.0 and below 10.0.10240.19360 is affected.
- Version 10.0.14393.0 and below 10.0.14393.5246 is affected.
- Version 10.0.14393.0 and below 10.0.14393.5246 is affected.
- Version 10.0.14393.0 and below 10.0.14393.5246 is affected.
- Version 6.1.0 and below 6.1.7601.26022 is affected.
- Version 6.1.0 and below 6.1.7601.26022 is affected.
- Version 6.3.0 and below 6.3.9600.20478 is affected.
- Version 6.0.6003.0 and below 6.0.6003.21569 is affected.
- Version 6.0.6003.0 and below 6.0.6003.21569 is affected.
- Version 6.0.6003.0 and below 6.0.6003.21569 is affected.
- Version 6.1.7601.0 and below 6.1.7601.26022 is affected.
- Version 6.1.7601.0 and below 6.1.7601.26022 is affected.
- Version 6.2.9200.0 and below 6.2.9200.23771 is affected.
- Version 6.2.9200.0 and below 6.2.9200.23771 is affected.
- Version 6.3.9600.0 and below 6.3.9600.20478 is affected.
- Version 6.3.9600.0 and below 6.3.9600.20478 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.