CVE-2022-37989
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-37989 is an elevation of privilege vulnerability affecting the Windows Client Server Run-time Subsystem (CSRSS). An attacker who successfully exploits this vulnerability can gain higher system privileges, potentially leading to serious security implications. The CSRSS is a fundamental component of the Windows operating system, making this a significant finding. Exploitation requires local access to the system, increasing the risk for insider threats or physically present attackers. Microsoft has released a patch to address this issue, and users are urged to apply the update promptly to mitigate potential threats.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Windows Server 2008
- Microsoft Windows 7
- Microsoft Windows 10
- Microsoft Windows 8.1
- Microsoft Windows Server 2012
Affected Vendors
- Microsoft