CVE-2022-37989

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 11, 2022
Updated: Jan 2, 2025

Summary

CVE-2022-37989 is an elevation of privilege vulnerability affecting the Windows Client Server Run-time Subsystem (CSRSS). An attacker who successfully exploits this vulnerability can gain higher system privileges, potentially leading to serious security implications. The CSRSS is a fundamental component of the Windows operating system, making this a significant finding. Exploitation requires local access to the system, increasing the risk for insider threats or physically present attackers. Microsoft has released a patch to address this issue, and users are urged to apply the update promptly to mitigate potential threats.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows Server 2008
  • Microsoft Windows 7
  • Microsoft Windows 10
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2012

Affected Vendors

  • Microsoft