Every week, we bring you the CVEs that need to be patched, as recommended by CISA. This week, there is only one CVE (CVE-2022-22047), which needs to be patched by the 2nd of August 2022. Our team has analyzed this CVE, and here are the findings:
This CVE, discovered in 2022, is found in the Windows Client Server Runtime Subsystem (CSRSS) and can be used to execute code remotely. It arises from an improper privilege management flaw (CWE-269). It was discovered as a zero-day vulnerability, and a patch was made available on Microsoft’s Patch Tuesday.
Recently, this CVE was exploited by the PSOA Knotweed with a special spyware kit, SubZero. If exploited, it could lead to a complete takeover of the system and its information. Hence, Microsoft has urged all its Windows CSRSS users to patch this vulnerability immediately.
For more information on the Knotweed incident, check out our weekly threat blog.
This CVE has no known ransomware or APT group associations.
Table: DHS CISA KEVs
Also, check out our blog on the CISA directives for the month of August 2022.