CVE-2022-22047 vulnerability in Microsoft Products
Published on July 12, 2022
Known Exploited Vulnerability
This Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows CSRSS contains an unspecified vulnerability which allows for privilege escalation to SYSTEM privileges.
The following remediation steps are recommended / required by August 2, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2022-22047 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2022-22047
You can be notified by stack.watch whenever vulnerabilities like CVE-2022-22047 are published in these products:
What versions are vulnerable to CVE-2022-22047?
-
Microsoft Windows Server 2008
Version r2
sp1
x64
-
Microsoft Windows Server 2012
Version r2
-
Microsoft Windows 8.1
Version -
-
Microsoft Windows Server 2008
Version -
sp2
-
Microsoft Windows 7
Version -
sp1
-
Microsoft Windows Rt 8 1
Version -
-
Microsoft Windows Server 2012
Version -
-
Microsoft Windows 10 1809
Fixed in Version 10.0.17763.3165
-
Microsoft Windows 10 21h1
Fixed in Version 10.0.19043.1826
-
Microsoft Windows 10 20h2
Fixed in Version 10.0.19042.1826
-
Microsoft Windows Server 20h2
Fixed in Version 10.0.19042.1826
-
Microsoft Windows 11 21h2
Fixed in Version 10.0.22000.795
-
Microsoft Windows 10 21h2
Fixed in Version 10.0.19044.1826
-
Microsoft Windows 10 1507
Fixed in Version 10.0.10240.19360
-
Microsoft Windows 10 1607
Fixed in Version 10.0.14393.5246
-
Microsoft Windows Server 2016
Fixed in Version 10.0.14393.5246
-
Microsoft Windows Server 2019
Fixed in Version 10.0.17763.3165
-
Microsoft Windows Server 2022
Fixed in Version 10.0.20348.825