- VMware Product Release Tracker (vTracker)
- If your AI-generated code becomes faulty, who faces the most liability exposure?
- These discoutned earbuds deliver audio so high quality, you'll forget they're mid-range
- This Galaxy Watch is one of my top smartwatches for 2024 and it's received a huge discount
- One of my favorite Android smartwatches isn't from Google or OnePlus (and it's on sale)
Microsoft Patches Windows Zero-Day as Attackers Exploit it in the Wild
Microsoft patched a zero-day bug in its latest Patch Tuesday update this week that allowed remote execution on Windows machines and which is already being exploited in the wild.
CVE-2022-22047 is an elevation of privilege vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS), which is responsible for Windows features, including console windows and the shutdown process. Details on how to exploit the bug are understandably scarce given that it has not yet been publicly disclosed, but an attack that succeeds can gain SYSTEM privileges in Windows.
Microsoft only ranked this bug as important, which could cause some customers to miss it. Nevertheless, its exploitation in the wild makes it crucial for organizations to patch it as soon as possible.
CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list and given federal agencies three weeks to patch it. The patches are mandatory under Binding Operational Directive 22-01, issued in November, which forces agencies to fix bugs in the KEV list.
There were four critical bugs in Microsoft’s patch Tuesday rollout. CVE-2022-22029 and CVE-2022-22039 affect the Windows Network File System. These vulnerabilities enable remote code execution. They are exploitable with a maliciously crafted call to an NFS service.
The CVE-2022-22038 bug, also listed as critical, is a remote code execution vulnerability in the Windows RPC runtime. An attacker can exploit it by sending “constant or intermittent data,” according to Microsoft.
The final critical bug in the lineup was CVE-2022-30221, a flaw in the Windows Graphics Component, which also allows for remote code execution. To exploit this flaw, an attacker would need to target machines with RDP 8.0 or 8.1, said Microsoft. They would have to convince a user to connect to a malicious RDP server that could then execute remote code on the victim’s system.
Adobe also released updates for its Acrobat, Acrobat Reader, Robohelp, Animater, and Photoshop programs on Tuesday. The Acrobat and Reader updates fixed over 20 vulnerabilities, including some that allowed arbitrary code execution.