CVE-2022-37989

CSRSS Elevation of Privilege (CVE-2022-37989) is a Windows local privilege escalation vulnerability in the Client Server Run-time Subsystem. The issue permits a local attacker to elevate privileges (to SYSTEM) on vulnerable Windows versions. Public details describe CSRSS as the Windows user-mode ...

CVE-2022-37987

CVE-2022-37987 is a Windows CSRSS local privilege-elevation vulnerability in the Client Server Run-time Subsystem. The CVSSv3.1 base score is 7.8 (HIGH) with local attack vector, low attack complexity, and privileges required: LOW; impact to confidentiality, integrity, and availability is HIGH. A...

Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery

Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldnt be unusual for a US government agency, NSA or CIA to publish such a report. But when a globa...

CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2

A Windows 11 vulnerability, part of Microsoft’s Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency CISA to advise patching of the elevation of privileges flaw by August 2. The recommendation is directed at federal...

Microsoft Windows Multiple Vulnerabilities (KB5015807)

This host is missing an important security update according to Microsoft KB5015807 SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVE-2022-22049

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

CVE-2022-22047

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

CVE-2022-22049

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

CVE-2022-22026

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

Privilege escalation

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

Privilege escalation

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

Privilege escalation

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

CVE-2022-22049

CVE-2022-22049 is a Windows CSRSS (Client Server Run-time Subsystem) Elevation of Privilege vulnerability. The entry lists a CVSS v2 base score of 7.2 (HIGH) and CVSS v3.1 base score of 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, and privileges required as LOW; no user interactio...

CVE-2022-22047

CVE-2022-22047 is a Windows CSRSS Elevation of Privilege vulnerability. The CSRSS component may allow a local attacker who can execute code on the target to gain SYSTEM privileges. Public exploitation has been reported; Microsoft’s July 2022 Patch Tuesday addressed this family of issues (CSRSS Eo...

CVE-2022-22047 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

...

CVE-2022-22026

CVE-2022-22026 is a Windows CSRSS Elevation of Privilege vulnerability. The connected document confirms it as one of the CSRSS issues fixed during the July 2022 Patch Tuesday cycle, noting that two other CSRSS flaws (CVE-2022-22047 and CVE-2022-22049) were also fixed. The exact affected product s...

Patch Tuesday - July 2022

Microsoft’s updates for July's Patch Tuesday fix 86 CVEs, including two vulnerabilities in their Chromium-based Edge browser that were patched earlier in the month. One 0-day vulnerability has been patched: CVE-2022-22047 affects all currently supported versions of Microsoft’s pervasive operating...

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

...

VulnCheck KEV: CVE-2022-22047

Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges...

KLA12581 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, obtain sensitive information, execute arbitrary code, cause denial of service. Below is a complete list of...