CVE-2022-22047: Windows CSRSS Elevation of Privilege 0-day Vulnerability

Today, Microsoft released July Patch Tuesday to fix 84 security vulnerabilities (including a zero-day) in Windows and products. Microsoft marked 4 flaws as critical as they allow remote code execution. This patch includes 52 Elevation of Privilege Vulnerabilities, 4 Security Feature Bypass Vulnerabilities, 12 Remote Code Execution Vulnerabilities, 11 Information Disclosure Vulnerabilities, and 5 Denial of Service vulnerabilities.


Tracked as CVE-2022-22047, this bug is an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS) and classified as a zero-day as it was abused in attacks before a fix was available. It received a CVSSv3 score of 7.8 and is rated as Important. Microsoft says this vulnerability has been exploited in the wild, though no further details have been shared at the time of publication. However, this type of vulnerability is likely to have been used as part of the post-compromise activity, once an attacker has gained access to their targeted system and run a specially crafted application.

The vulnerability allows an attacker to execute code as SYSTEM, provided they can execute other code on the target,” ZDI’s Dustin Childs wrote. “Bugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system. These attacks often rely on macros, which is why so many were disheartened to hear Microsoft’s delay in blocking all Office macros by default.

CVE-2022-22047 is credited to the Microsoft Threat Intelligence Center and Microsoft Security Response Center.

Four critical remote code execution (RCE) vulnerabilities were fixed today. CVE-2022-22029 and CVE-2022-22039 affect network file system (NFS) servers, and CVE-2022-22038 affects the remote procedure call (RPC) runtime.

Other components seeing updates this month include Microsoft Defender for Endpoint; Microsoft Edge (Chromium-based); Office; Windows BitLocker; Windows Hyper-V; Skype for Business and Microsoft Lync; and Xbox.

We recommend that Windows users install the Microsoft July Patch Tuesday as soon as possible.