CISAnalysis 18 July 2022

CVE-2022-22047, an actively exploited zero-day affecting a range of Microsoft Windows and Windows Server versions, was added to CISA’s Known Exploited Vulnerabilities list with an order to all US agencies to patch by the 2nd of August.

Understandably, there’s a dearth of information regarding this new vulnerability’s scope and use cases, but Microsoft released a patch for it, along with 83 others, in its July 2022 Patch Tuesday update.

What we do know is that CVE-2022-22047 is an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS). It was given a CVSSv3 score of 7.8 and a rating of Important. If exploited, the vulnerability gives SYSTEM privileges, allowing an attacker full control of a Microsoft endpoint.

Given the potential repercussions of this exploit, one might wonder why it hasn’t been deemed critical. According to Mike Walters of Action1, it can only be executed locally. But he also adds that “vulnerabilities of this type are great for taking control over a workstation or server when they are paired with phishing attacks that use Office documents with macros. This vulnerability can likely be paired with Follina to gain full control over a Windows endpoint.”

On 11 July 2022, Microsoft also released an article stating that VBA macros from the internet will be blocked by default.
