Patching Windows CSRSS Elevation of Privilege Vulnerability (CVE-2022-22047) using SanerNow

    Overview:
    Microsoft recently patched a high-severity security vulnerability in its July 2022 Patch Tuesday release. The vulnerability, which has been exploited in the wild, is assigned the identifier CVE-2022-22047 and has a CVSS score of 7.8. Successful exploitation allows an authenticated attacker to escalate their privileges through a flaw in the Windows Client Server Runtime Subsystem (CSRSS) and execute arbitrary code on the affected systems with SYSTEM privileges.


    CVSS v3.0 Severity and Metrics:
    Base Score: 7.8 HIGH

    CVSS v2.0 Severity and Metrics:
    Base Score: 7.2 HIGH

     

    Affected software:

    Microsoft Windows 10
    Microsoft Windows 10 Version 1607
    Microsoft Windows 10 Version 1809
    Microsoft Windows 10 Version 20H2
    Microsoft Windows 10 Version 21H1
    Microsoft Windows 10 Version 21H2
    Microsoft Windows 11
    Microsoft Windows 7
    Microsoft Windows 8.1
    Microsoft Windows Server 2008
    Microsoft Windows Server 2008 R2
    Microsoft Windows Server 2012
    Microsoft Windows Server 2012 R2
    Microsoft Windows Server 2016
    Microsoft Windows Server 2019
    Microsoft Windows Server 2022
    Microsoft Windows Server, version 20H2

    Solution:

    To address this vulnerability, Microsoft has released security patches. For more information, please refer to our blog.

    Use the SanerNow platform to apply this critical patch quickly across the organization, as shown below.


    SanerNow: Vulnerability detection and patching of the Windows CSRSS Elevation of Privilege Vulnerability (CVE-2022-22047):

    1. Log in to the SanerNow platform.

    2. Switch to the account/site-specific view and go to 'VM tool'.

    3. If your Windows operating system is vulnerable, Saner lists CVE-2022-22047 under 'Top Vulnerabilities' or 'Recently Discovered Vulnerabilities', as shown in the diagram below.

    MicrosoftTeams-image__2_.png

     

    4. Search for this vulnerability in the VM tool. If you are affected, apply the patch through PM -> Missing Patches.

    5. Select 'Groups/Devices' in the 'Asset Source' section and click 'Apply'.

    6. Select the 'Windows OS' product from the 'Asset' section, as shown in the diagram below.

    MicrosoftTeams-image__3_.png

     

    7. Select 'Apply Selected Patches' at the rightmost corner. This opens the 'Creating Patching Task' prompt. Fill in 'Task Name' and 'Remediation Schedule' as per your preference and click 'Apply Selected Patches', as shown below.

    MicrosoftTeams-image__4_.png

     

    8. A remediation job will be created, which will fix the vulnerabilities by upgrading the operating system to the latest build version.
    9. Once remediation is done, the Saner agent automatically scans again and uploads the result to SanerNow, as shown below.

    MicrosoftTeams-image__5_.png
