news

CISA instructed agencies to patch zero-day vulnerability in Windows

9 months ago
by Christopher Edwards

CISA instructed agencies to patch a zero-day vulnerability in Windows

CISA is a federal agency of the United States, established on the date of 16th November 2018, Jen Easterly was assigned as a director of CSRSS (Client/Server Runtime Subsystem) on 12th July 2021. The actual role of CISA is to improve the Cybersecurity system against cyber criminals.

CISA

Instructing the Windows CSRSS (Client/Server Runtime Subsystem) US Department of Homeland Security (Cyber Security and Infrastructure Security Agency) the CISA (Cyber Security and Infrastructure Security Agency) has directed to fix the zero-day vulnerability completely and quickly as well as The exploited bug has been actively added to its list.

CVE-2022-22047 has been tracked as a bug with a high-security flaw, affecting not only the client Windows platform but also the server platform directly, Which includes the latest Windows 11 so far, as well as the Windows Server 2022 release. Taking all these into consideration, CISA has also taken its step forward to address the CVE-2022-22047 vulnerability giving them three weeks i.e. till 2nd August 2022, to address all types of bugs running on their systems. It will help to stop the attack.

So the same Microsoft told the company that before the fix was available, this patch was used in the attack on Tuesday 2022, and those attackers who successfully exploited this vulnerability could easily gain their privileges on the system. That’s why Microsoft has also classified this patch as zero-day. According to Redmond, the same internal vulnerability was discovered by MSRC (Microsoft Security Response Center) and MSTIC (Microsoft Threat Intelligence Center.

So let me tell you that (BOD 22-01) a binding operating directive that was issued in November has included the FCEB (all federal civilian executive branch agencies) on the CISA’s list of KEV (known exploited vulnerabilities) because all agencies are in need of securing their networks against their own security flaws.

Although this directive only applies to US federal agencies, this may be the reason why CISA is required to completely thwart every single attacker’s attempt, or rather don’t want to give the attacker any chance to launch any type of attack. For this, he urges all American organizations to increase their privileges on unpatched Windows systems.

You may also like

About the author

Christopher Edwards

Hey This is Chris, I am a Malware researcher and security analyst. I love to find out about new threats and viruses and I started this website to teach people how to stay safe online. You will get all the latest malware removal tips and tricks here. You can also ask for any virus related problem in comment section or through our contact page.

View all posts