
CISA sets date for orgs to fix the Microsoft zero-day vulnerability used in phishing attacks

CISA has added a local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its catalog of vulnerabilities known to be actively exploited in the wild.

The flaw, tracked as CVE-2022-22047 and rated high severity, affects both client and server editions of Windows, including the latest Windows 11 and Windows Server 2022 releases.

The zero-day was one of the eighty-two bugs fixed in Microsoft's July Patch Tuesday update. CISA has given organisations until 2 August to remediate the actively exploited CVE-2022-22047; applying the patch protects their systems against the ongoing attacks.

Under the binding operational directive BOD 22-01, issued in November, all Federal Civilian Executive Branch (FCEB) agencies are required to protect their networks against vulnerabilities added to CISA's Known Exploited Vulnerabilities (KEV) catalog.

An attacker could be able to manipulate the system using this vulnerability.

— Security Alert from Microsoft:

Microsoft says the issue was found internally by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC). Exploitation only succeeds if the attacker already has code execution on the target as a non-privileged user.

Alon Rosenblum, CEO of Canonic Security, explained:

Many attack scenarios rely on privilege elevation vulnerabilities, making them more risky. By getting credentials and network access, you may progress from the first infiltration step to the lateral movement stage.

Bugs like this pose a significant threat because they let an attacker who has already gained a foothold on a vulnerable system, typically with restricted rights obtained through social engineering or a different vulnerability, elevate to higher privileges.

Federal organisations must update their systems

Although BOD 22-01 is binding only on US federal agencies, CISA strongly urges all organisations, US-based or not, to patch the Windows CSRSS elevation of privilege bug. Doing so stops attackers from elevating their rights on unpatched Windows computers.

According to the US cybersecurity agency:

“These vulnerabilities pose a serious risk to the federal operation since they are a common attack vector for attackers.”

Since BOD 22-01 was published, CISA has added hundreds of vulnerabilities exploited in attacks to the KEV catalog and has mandated that US government entities patch them as quickly as feasible to prevent breaches.
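As an added illustration (not code from the article, CISA or Microsoft), the PowerShell check below reports whether a Windows host carries a cumulative update that fixes CVE-2022-22047. It combines two checks because later cumulative updates supersede the July 2022 one, so the July KB alone may be absent from a fully patched machine. The KB number and the patched build revision (UBR) are not given in the article and are taken here as caller-supplied assumptions; look them up in Microsoft's advisory for your Windows version.

```powershell
# Added example, not from the article: check for the CVE-2022-22047 fix.
# $RequiredKbs and $MinimumUbr are ASSUMPTIONS supplied by the caller; take
# the KB number and patched build revision for your Windows version from
# Microsoft's advisory. $MinimumUbr must belong to the build line that is
# running (the UBR is only comparable within the same CurrentBuildNumber).
param(
    [Parameter(Mandatory)] [string[]] $RequiredKbs,   # e.g. the July 2022 LCU KB
    [Parameter(Mandatory)] [int]      $MinimumUbr     # revision of the patched build
)

# Build and revision of the running OS; the UBR is bumped by every cumulative update.
$ntVersion = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build     = [int]$ntVersion.CurrentBuildNumber
$ubr       = [int]$ntVersion.UBR

# Updates recorded by Win32_QuickFixEngineering; cumulative updates appear here.
$installedKbs = Get-HotFix | Select-Object -ExpandProperty HotFixID
$kbMatch      = @($RequiredKbs | Where-Object { $installedKbs -contains $_ })

# Patched if the named KB is present OR the build revision is at/above the fix.
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    Product        = $ntVersion.ProductName
    Build          = "$build.$ubr"
    KbPresent      = ($kbMatch.Count -gt 0)
    BuildAtOrAbove = ($ubr -ge $MinimumUbr)
    Patched        = ($kbMatch.Count -gt 0) -or ($ubr -ge $MinimumUbr)
}
```

Save the block as a script and run it with the KB and UBR from the advisory, for example `.\Check-Csrss.ps1 -RequiredKbs KB<number> -MinimumUbr <revision>`. Because the `Patched` field is true when either check passes, a host that has moved on to a later cumulative update is still reported correctly, which a KB-only check would miss.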
