CISA: Immediate patching needed for exploited Windows zero-day

The Cybersecurity and Infrastructure Security Agency has urged federal agencies to patch by Aug. 2 an actively exploited Windows Client/Server Runtime Subsystem zero-day vulnerability affecting Windows 11 and Windows Server 2022 releases, BleepingComputer reports. Microsoft has already addressed the high-severity flaw, tracked as CVE-2022-22047, as part of this month's Patch Tuesday. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," said Microsoft, which added that the Microsoft Security Response Center and Microsoft Threat Intelligence Center identified the zero-day. While only federal agencies were given the three-week deadline by CISA to address the exploited security bug after its inclusion in the agency's Known Exploited Vulnerabilities catalog, the agency has also urged organizations across the U.S. to immediately patch the flaw. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise," CISA noted.
