7.8

CVE-2022-22047

Warnung

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 1507 Version < 10.0.10240.19360
MicrosoftWindows 10 1607 Version < 10.0.14393.5246
MicrosoftWindows 10 1809 Version < 10.0.17763.3165
MicrosoftWindows 10 20h2 Version < 10.0.19042.1826
MicrosoftWindows 10 21h1 Version < 10.0.19043.1826
MicrosoftWindows 10 21h2 Version < 10.0.19044.1826
MicrosoftWindows 11 21h2 Version < 10.0.22000.795
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Server 2016 Version < 10.0.14393.5246
MicrosoftWindows Server 2019 Version < 10.0.17763.3165
MicrosoftWindows Server 2022 Version < 10.0.20348.825
MicrosoftWindows Server 20h2 Version < 10.0.19042.1826

12.07.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability

Schwachstelle

Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.64% 0.697
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.