CVE-2022-44673: Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7)

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2022-Dec

Released

2022-12-13

EPSS Score

2.99% (percentile: 86.5%)

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

Affected Products (11)

Windows

• Windows 10 Version 1809 for 32-bit Systems
• Windows 10 Version 21H1 for 32-bit Systems
• Windows 10 Version 20H2 for 32-bit Systems
• Windows 10 Version 21H2 for 32-bit Systems
• Windows 10 Version 22H2 for 32-bit Systems
• Windows 10 for 32-bit Systems
• Windows 10 Version 1607 for 32-bit Systems
• Windows 8.1 for 32-bit systems

ESU

• Windows 7 for 32-bit Systems Service Pack 1
• Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Security Updates (10)

• 5021237
• 5021233
• 5021243
• 5021235
• 5021291
• 5021288
• 5021294
• 5021296
• 5021289
• 5021293

Acknowledgments

Anonymous

Revision History

• 2022-12-13: Information published.