In this week’s Patch Tuesday update, Microsoft patched a zero-day bug that lets an attacker elevate privileges on Windows machines and which is already being exploited in the wild.
CVE-2022-22047 is an elevation of privilege vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS), a core user-mode process that underpins Windows features including the shutdown process. Details of how the bug is exploited have not been publicly disclosed, but a successful attack gives the attacker SYSTEM privileges on the machine. Because it is a local privilege escalation rather than a remote code execution flaw, an attacker must already be able to run code on the target before using it to gain full control.
Microsoft rated the bug only as Important rather than Critical, which could lead some customers to deprioritise it. Since it is being exploited in the wild, organisations should patch it as soon as possible regardless of the severity rating.
CISA has also added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue and given federal agencies three weeks to patch it. Under Binding Operational Directive 22-01, issued in November 2021, agencies are required to remediate every bug on the KEV list by its due date.
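One way to keep track of KEV due dates against your own patch records, as an added example that is not part of the article and not CISA’s tooling: the script reads a KEV-style JSON document (the real feed uses the same cveID, dateAdded and dueDate field names) and flags entries that are unpatched and past their due date. The feed entry, its dates and the patch inventory are constructed here so the script runs offline; the dates are assumptions chosen to match the three-week window described above.

```python
"""Check a patch inventory against CISA KEV due dates.

Added example; not code from the article or from CISA. It uses the
field names of CISA's KEV JSON feed (cveID, dateAdded, dueDate, ...),
but the entry below is constructed inline so the script runs offline.
"""
import json
from datetime import date

# Constructed KEV-style feed. The dates are assumptions chosen to match
# the article's "three weeks"; treat the live catalogue as authoritative.
KEV_FEED_JSON = """
{
  "title": "Constructed KEV-style catalogue for the example",
  "vulnerabilities": [
    {
      "cveID": "CVE-2022-22047",
      "vendorProject": "Microsoft",
      "product": "Windows",
      "vulnerabilityName": "Windows CSRSS elevation of privilege (constructed entry)",
      "dateAdded": "2022-07-12",
      "shortDescription": "Elevation of privilege in the Client/Server Runtime Subsystem.",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2022-08-02"
    }
  ]
}
"""


def parse_kev(feed_text: str) -> dict:
    """Return {cveID: entry} with the date strings converted to date objects."""
    entries = {}
    for item in json.loads(feed_text)["vulnerabilities"]:
        entry = dict(item)
        entry["dateAdded"] = date.fromisoformat(item["dateAdded"])
        entry["dueDate"] = date.fromisoformat(item["dueDate"])
        entries[item["cveID"]] = entry
    return entries


def remediation_window_days(entry: dict) -> int:
    """Days CISA allowed between listing the CVE and its remediation due date."""
    return (entry["dueDate"] - entry["dateAdded"]).days


def kev_status(kev: dict, patched_cves: set, today: str) -> dict:
    """Classify each KEV entry for this environment.

    patched_cves is the set of CVE IDs your patch tooling reports as fixed on
    every in-scope host; today is an ISO date string. Returns
    {cveID: "patched" | "overdue" | "due in N days"}.
    """
    now = date.fromisoformat(today)
    status = {}
    for cve, entry in kev.items():
        if cve in patched_cves:
            status[cve] = "patched"
        elif now > entry["dueDate"]:
            status[cve] = "overdue"
        else:
            status[cve] = f"due in {(entry['dueDate'] - now).days} days"
    return status


def overdue_cves(kev: dict, patched_cves: set, today: str) -> list:
    """Sorted list of KEV entries that are unpatched and past their due date."""
    return sorted(c for c, s in kev_status(kev, patched_cves, today).items()
                  if s == "overdue")


if __name__ == "__main__":
    kev = parse_kev(KEV_FEED_JSON)
    # Constructed patch inventory: nothing fixed yet, checked a week after release.
    for cve, s in kev_status(kev, set(), "2022-07-20").items():
        print(cve, f"{remediation_window_days(kev[cve])}-day window;", s)
```

Swap KEV_FEED_JSON for the downloaded catalogue and patched_cves for the CVE list your vulnerability scanner or patch-management tool exports; the three-week window mentioned above is the 21 days the script computes for the constructed entry.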
Four critical bugs were also patched in this month’s Patch Tuesday. CVE-2022-22029 and CVE-2022-22039 are remote code execution vulnerabilities in the Windows Network File System (NFS); both are triggered by a maliciously crafted call to an NFS service, so they matter most on servers that expose the NFS server role.
Another critical bug, CVE-2022-22038, is a remote code execution vulnerability in the Windows RPC runtime. According to Microsoft, exploiting it requires an attacker to send “constant or intermittent data”, which points to repeated exploitation attempts rather than a single request.
CVE-2022-30221, the final critical bug in the update, is a remote code execution flaw in the Windows Graphics Component. Microsoft said that to exploit it an attacker would need to target machines with RDP 8.0 or 8.1 and convince a user to connect to a malicious RDP server, which could then execute code on the victim’s system. Note that this runs in the opposite direction from the usual RDP threat: the victim is the RDP client, not the server.
Adobe also released updates for many of its products on Tuesday, including Photoshop and Acrobat. The Reader and Acrobat updates alone fixed over 20 vulnerabilities, including several that allow arbitrary code execution.