Microsoft has issued an urgent Patch Tuesday bulletin to warn of in-the-wild zero-day exploitation of a privilege escalation flaw in the Windows operating system.
The critical vulnerability, flagged as CVE-2022-22047, exists in the Client/Server Runtime Subsystem (csrss.exe) and carries a CVSS severity rating of 7.8.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Redmond’s security response team said in an advisory.
The software giant did not provide any additional details of the live attacks outside of a notification that the issue has not been publicly disclosed. The company did not provide IOCs (indicators of compromise) to help defenders hunt for signs of compromise.
Microsoft credited its own MSTIC (Microsoft Threat Intelligence Center) and MSRC (Microsoft Security Response Center) units with the discovery of the zero-day exploitation.
[ READ: Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop ]
The Windows CSRSS privilege escalation flaw headlines a very busy Patch Tuesday that includes fixes for at least 84 documented vulnerabilities across the Windows ecosystem.
According to the Zero Day Initiative (ZDI), the July Patch Tuesday rollout did not include any fixes for the recent Pwn2Own competition where hackers exploited unpatched flaws in Windows 11 and Microsoft Teams. At that event, Pwn2Own participants demonstrated six Windows 11 privilege escalation flaws and three Microsoft Teams exploit chains.
The 84 documented vulnerabilities (counting by CVE) affect a range of OS components, including Microsoft Office, BitLocker, Microsoft Defender, Windows Azure and Windows Windows Hyper-V.
According to Microsoft’s documentation, 4 of the 84 vulnerabilities carry the highest “critical” severity rating. The remaining bugs are rated “important” in severity.
[ READ: ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities ]
Redmond’s patches come just hours after software maker Adobe patched 22 documented vulnerabilities in a range of desktop products, some serious enough to cause arbitrary code execution attacks.
The patches, available for Adobe Acrobat and Reader for Windows and macOS, affect Adobe Acrobat/Reader, Adobe Photoshop, Adobe RoboHelp and Adobe Character Animator.
According to an advisory from Adobe, the Acrobat/Reader update address multiple critical vulnerabilities that could expose computer users to arbitrary code execution and memory leak attacks.
Adobe said it was not aware of in-the-wild exploits prior to the availability of patches.
Related: ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities
Related: Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows
Related: Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure
- Researchers Spot APTs Targeting Small Business MSPs
- Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own
- Red Hat Pushes New Tools to Secure Software Supply Chain
- Investors Make $6M Bet on Manifest for SBOM Management Technology
- Entro Raises $6M to Tackle Secrets Sprawl
- IBM Snaps up DSPM Startup Polar Security
- Huntress Closes $60M Series C for MDR Expansion
Latest News
- Chrome 114 Released With 18 Security Fixes
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Breaking Enterprise Silos and Improving Protection
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
