Microsoft addressed 84 distinct Windows and Azure vulnerabilities in its recent “Patch Tuesday” update; one of these, CVE-2022-22047, is a zero-day attack currently being exploited in the wild. Due to the fact that the vulnerability was discovered by Microsoft’s internal research teams, the Microsoft Threat Intelligence Center and the Microsoft Security Response Center, no Proof of Concept (POC) has been released at this time. Microsoft has not released any further information on the attacks, which leaves details such as frequency, attribution, and geographical location currently unknown. The bug is reported as an elevation of privilege vulnerability in the Windows Client Server Runtime Subsystem (CSRSS), which allows a threat actor that has already successfully accessed an account and achieved Remote Code Execution (RCE) to elevate the account to SYSTEM.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in