microsoft windows-10 CVE-2022-22047 vulnerability in Microsoft Products
Published on July 12, 2022

product logo product logo
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

NVD

Known Exploited Vulnerability

This Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows CSRSS contains an unspecified vulnerability which allows for privilege escalation to SYSTEM privileges.

The following remediation steps are recommended / required by August 2, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2022-22047 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is an Untrusted Path Vulnerability?

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

CVE-2022-22047 has been classified to as an Untrusted Path vulnerability or weakness.


Products Associated with CVE-2022-22047

You can be notified by stack.watch whenever vulnerabilities like CVE-2022-22047 are published in these products:

Microsoft Windows 10
 
Microsoft Windows Server 2008
 
Microsoft Windows 7
 
Microsoft Windows Server 2012
 
Microsoft Windows Server 2016
 
Microsoft Windows Rt 8 1
 
Microsoft Windows 11
 
Microsoft Windows 8.1
 
Microsoft Windows Server 2019
 
Microsoft Windows Server 2022
 

What versions are vulnerable to CVE-2022-22047?