One Article Review
| Source |  Fortinet ThreatSignal |
|---|---|
| Identifiant | 5705566 |
| Date de publication | 2022-07-13 16:01:51 (vue: 2022-07-14 00:05:42) |
| Titre | Known Active Exploitation of Windows CSRSS Elevation of Privilege Vulnerability (CVE-2022-22047) |
| Texte | FortiGuard Labs is aware of a newly reported and actively exploited zero day targeting Microsoft Windows and Windows Server (Windows CSRSS Elevation of Privilege Vulnerability). Assigned CVE-2022-22047, this vulnerability was discovered by Microsoft internally and credited to the Microsoft Security Response Center. As this vulnerability was disclosed by Microsoft, details surrounding this exploit are limited. Attackers successfully exploiting this vulnerability will gain SYSTEM privileges. Patches for this vulnerability were rolled out in this month's July 2022 release, which addresses 84 known vulnerabilities.US-CERT (CISA) has added CVE-2022-22047 to its recently published Known Exploited Vulnerabilities Catalog. A link can be found in the APPENDIX section.Is this Being Exploited in the Wild?Yes. Microsoft has confirmed reports of active exploitation.How Serious of a Vulnerability is this?Medium. This is due to the vulnerability not being remotely exploitable and a patch being available.What is the CVSS score for this issue?7.8Is this Vulnerability Remotely Exploitable?No. This is a local vulnerability.How is this Vulnerability Actively Being Exploited if it is a Local Vulnerability?Although there is no further information on exploitation released by Microsoft, it can be surmised that an unknown remote code execution allowed for an attacker to perform lateral movement and escalate privileges on machines vulnerable to CVE-2022-22047, ultimately allowing for SYSTEM privileges.What Operating Systems are Affected?Microsoft Windows 7,8,10,11 and Microsoft Windows Server 2012 and 2008 versions are affected.Is there a Patch Available?Yes. A patch was included in this months Microsoft July 2022 update.What Protections are Available?Fortinet customers running the latest (IPS) definitions are currently protected against CVE-2022-22047 by the following signature:MS.Windows.CVE-2022-22047.Privilege.Elevation |
| Envoyé | Oui |
| Condensat | 2008 2012 2022 22047 8is active actively added addresses affected against allowed allowing although appendix are assigned attacker attackers available aware being can catalog center cert cisa code confirmed credited csrss currently customers cve cvss day definitions details disclosed discovered due elevation escalate execution exploit exploitable exploitation exploited exploiting following fortiguard fortinet found further gain has how included information internally ips issue its july known labs lateral latest limited link local machines medium microsoft month months movement newly not operating out patch patches perform privilege privileges protected protections published recently release released remote remotely reported reports response rolled running score section security serious server signature:ms successfully surmised surrounding system systems targeting ultimately unknown update versions vulnerabilities vulnerability vulnerable what which wild will windows zero |
| Tags | Vulnerability |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.