The Cybersecurity and Infrastructure Security Agency has urged federal agencies to patch, by Aug. 2, an actively exploited Windows Client/Server Runtime Subsystem zero-day vulnerability affecting Windows 11 and Windows Server 2022 releases, BleepingComputer reports.
Microsoft has already addressed the high-severity flaw, tracked as CVE-2022-22047, as part of this month's Patch Tuesday.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," said Microsoft, which added that the Microsoft Security Response Center and Microsoft Threat Intelligence Center identified the zero-day. While only federal agencies were given the three-week deadline by CISA to address the exploited security bug after its inclusion in the agency's Known Exploited Vulnerabilities catalog, organizations across the U.S. have also been urged by the agency to immediately patch the flaw.
"These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise," CISA noted.