CVE-2022-22047 vulnerability in Microsoft Products
Published on July 12, 2022
Known Exploited Vulnerability
This Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows CSRSS contains an unspecified vulnerability which allows for privilege escalation to SYSTEM privileges.
The following remediation steps are recommended / required by August 2, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2022-22047 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2022-22047 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2022-22047
You can be notified by stack.watch whenever vulnerabilities like CVE-2022-22047 are published in these products:
What versions are vulnerable to CVE-2022-22047?
- Microsoft Windows 10 Version - x64
- Microsoft Windows 10 Version 1607 x86
- Microsoft Windows Server 2008 Version r2 sp1 x64
- Microsoft Windows 7 Version - sp1 x86
- Microsoft Windows Server 2012 Version r2
- Microsoft Windows Server 2016 Version -
- Microsoft Windows 10 Version - x86
- Microsoft Windows 10 Version 1607 x64
- Microsoft Windows Rt 8 1 Version -
- Microsoft Windows 7 Version - sp1 x64
- Microsoft Windows Server 2012 Version -
- Microsoft Windows Server 2008 Version - sp2 x64
- Microsoft Windows 8.1 Version - x64
- Microsoft Windows Server 2019 Version -
- Microsoft Windows 10 Version 1809 x64
- Microsoft Windows 10 Version 1809 x86
- Microsoft Windows 10 Version 1809 arm64
- Microsoft Windows 8.1 Version - x86
- Microsoft Windows Server 2008 Version - sp2 x86
- Microsoft Windows Server 2016 Version 20h2
- Microsoft Windows 10 Version 20h2 x64
- Microsoft Windows 10 Version 20h2 arm64
- Microsoft Windows 10 Version 20h2 x86
- Microsoft Windows 10 Version 21h1 x64
- Microsoft Windows Server 2022 Version -
- Microsoft Windows 11 Version - arm64
- Microsoft Windows 11 Version - x64
- Microsoft Windows 10 Version 21h1 arm64
- Microsoft Windows 10 Version 21h1 x86
- Microsoft Windows 10 Version 21h2 arm64
- Microsoft Windows 10 Version 21h2 x64
- Microsoft Windows 10 Version 21h2 x86