New 0Day Hack Attack Alert Issued For All Windows Users

Microsoft has confirmed newly discovered Windows security exploit is already under attack

SOPA Images/LightRocket via Getty Images

With 84 security issues requiring fixing, Microsoft’s monthly Patch Tuesday patch rollout is upon us. While only four of these security vulnerabilities are classified by Microsoft as critical in nature, one does stand out for requiring your most urgent attention.

What is the CVE-2022-22047 Windows 0Day?

CVE-2022-22047 is, Microsoft confirms, already being exploited by attackers. Microsoft describes this 0Day security threat as a Windows client-server runtime subsystem (CSRSS) elevation of privilege vulnerability. Almost every version of Windows is vulnerable to this threat, including Windows 7, 8.1, 10, 11, and Windows Server 2008, 2012, 2016, 2019, and 2022. Perhaps surprisingly, CVE-2022-22047 isn’t given a critical rating by Microsoft but an important one instead.

MORE FROM FORBESRansomware Surge As Dangerous New Gangs Take Over, Leaks RevealBy Davey Winder

Is this a critical Windows vulnerability or not?

Not everyone agrees with this classification. “Windows CSRSS Elevation of Privilege, tracked as CVE-2022-22047, is critical because it is actively exploited in the wild,” says Mike Walters, co-founder of Action1, a cloud-based monitoring specialist. “It has a 7.8 CVSS score because it can only be executed locally,” Walters continues, adding that “use of this vulnerability gives an attacker SYSTEM privileges.” Although the technical details are understandably sparse at this point in time, Walters warns that when paired with other attacks, it could give complete control of a Windows endpoint.

MORE FROM FORBESMicrosoft Downplays ‘High-Risk’ Edge Security Warning For 150 Million UsersBy Davey Winder

According to a Zero Day Initiative analysis of this latest Patch Tuesday security update, CVE-2022-22047 is precisely the type of vulnerability that is “typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system.”

CISA orders federal agencies to patch

Another indicator of how serious this 0Day exploit should be taken comes from the Cybersecurity & Infrastructure Security Agency (CISA). It has just added CVE-2022-22047 to its Known Exploited Vulnerabilities Catalog. This requires that federal agencies in the U.S. now have until 2 August to patch their systems. This doesn’t mean you are off the hook if not a federal agency yourself. CISA adds that it “strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.”

MORE FROM FORBESGoogle Warns Of Serious New Chrome Hack Attack Targeting Windows & AndroidBy Davey Winder

Stay connected with us on social media platform for instant update click here to join our T witter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here

Read original article here

Denial of responsibility! Rapidtelecast.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.