Microsoft has issued an urgent Patch Tuesday bulletin to warn of in-the-wild zero-day exploitation of a privilege escalation flaw in the Windows operating system.
The critical vulnerability, flagged as CVE-2022-22047, exists in the Client/Server Runtime Subsystem (csrss.exe) and carries a CVSS severity rating of 7.8.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Redmond’s security response team said in an advisory.
The software giant did not provide any additional details of the live attacks outside of a notification that the issue has not been publicly disclosed. The company did not provide IOCs (indicators of compromise) to help defenders hunt for signs of compromise.
Microsoft credited its own MSTIC (Microsoft Threat Intelligence Center) and MSRC (Microsoft Security Response Center) units with the discovery of the zero-day exploitation.
[ READ: Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop ]
The Windows CSRSS privilege escalation flaw headlines a very busy Patch Tuesday that includes fixes for at least 84 documented vulnerabilities across the Windows ecosystem.
According to the Zero Day Initiative (ZDI), the July Patch Tuesday rollout did not include any fixes for the recent Pwn2Own competition where hackers exploited unpatched flaws in Windows 11 and Microsoft Teams. At that event, Pwn2Own participants demonstrated six Windows 11 privilege escalation flaws and three Microsoft Teams exploit chains.
The 84 documented vulnerabilities (counting by CVE) affect a range of OS components, including Microsoft Office, BitLocker, Microsoft Defender, Windows Azure and Windows Windows Hyper-V.
According to Microsoft’s documentation, 4 of the 84 vulnerabilities carry the highest “critical” severity rating. The remaining bugs are rated “important” in severity.
[ READ: ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities ]
Redmond’s patches come just hours after software maker Adobe patched 22 documented vulnerabilities in a range of desktop products, some serious enough to cause arbitrary code execution attacks.
The patches, available for Adobe Acrobat and Reader for Windows and macOS, affect Adobe Acrobat/Reader, Adobe Photoshop, Adobe RoboHelp and Adobe Character Animator.
According to an advisory from Adobe, the Acrobat/Reader update address multiple critical vulnerabilities that could expose computer users to arbitrary code execution and memory leak attacks.
Adobe said it was not aware of in-the-wild exploits prior to the availability of patches.
Related: ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities
Related: Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows
Related: Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- VMware Plugs Critical Flaws in Network Monitoring Product
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure
- Researchers Spot APTs Targeting Small Business MSPs
- Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own
- Red Hat Pushes New Tools to Secure Software Supply Chain
Latest News
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
- Sysdig Introduces CNAPP With Realtime CDR
- Stay Focused on What’s Important
