CISA orders agencies to patch new Windows zero-day used in attacks

12-Jul-22

On its list of defects that have been used in the wild, CISA has now included a locally elevated privilege vulnerability in the Windows Client/Server Runtime Subsystem. Microsoft patched it as part of the July 2022 Patch Tuesday and labelled it a zero-day because attacks took use of it before a remedy was available.

The Microsoft Threat Intelligence Center and Microsoft Security Response Center, according to Redmond, found the issue internally. Read More…