The CISA is Pushing to Fix Windows by August

Windows 11 hasn’t had the best of starts. I use it and am completely happy with it but I know not everyone is. It seems the Cybersecurity and Infrastructure Security Agency (CISA) aren’t happy with it either.

The CISA have recommended that Microsoft patch a bug affecting the Windows Client Server Runtime Subsystem (CSRSS) in Windows 7, 8, 10, 11 and Microsoft Windows Server 2012 and 2008. They are so concerned by the threat it poses, they have given a strong recommendation and a deadline date of August 2.

The bug is tracked under CVE-2022-202247 and is described as a bug that can enable a bad actor to gain system privileges. It does require an already infected system, but given as there are millions of those, this is being tracked as a bug.

According to Fortilabs, the bug isn’t serious as it needs an existing foothold within a system to execute. It is still regarded as a medium risk, which is actually quite conservative.

“Although there is no further information on exploitation released by Microsoft, it can be surmised that an unknown remote code execution allowed for an attacker to perform lateral movement and escalate privileges on machines vulnerable to CVE-2022-22047, ultimately allowing for SYSTEM privileges.”

Active Exploitation

Even though the vector requires an established local presence in hacked machines, CISA and Microsoft report it is being exploited: “Although there is no further information on exploitation released by Microsoft, it can be surmised that an unknown remote code execution allowed for an attacker to perform lateral movement and escalate privileges on machines vulnerable to CVE-2022-22047, ultimately allowing for SYSTEM privileges.”

Microsoft has released a patch for this vulnerability, but many enterprises run delayed schedules for thorough testing before releasing them into the wild. This vulnerability could be a valid reason to accelerate that process a little!