{"id":270637,"date":"2022-07-19T00:20:16","date_gmt":"2022-07-18T22:20:16","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=270637"},"modified":"2022-07-19T00:25:27","modified_gmt":"2022-07-18T22:25:27","slug":"cisa-windows-schwachstelle-cve-2022-22047-muss-bis-2-august-2022-gepatcht-sein","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2022\/07\/19\/cisa-windows-schwachstelle-cve-2022-22047-muss-bis-2-august-2022-gepatcht-sein\/","title":{"rendered":"CISA: Windows-Schwachstelle CVE-2022-22047 muss bis 2. August 2022 gepatcht sein"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Windows\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Windows-klein.jpg\" alt=\"Windows\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/borncity.com\/win\/2022\/07\/19\/cisa-windows-schwachstelle-cve-2022-22047-muss-bis-2-august-2022-gepatcht-sein\/\" target=\"_blank\" rel=\"noopener\">English<\/a>]Die US-Cybersicherheitsbeh\u00f6rde CISA hat US-Institutionen eine Frist bis zum 2. August 2022 gesetzt, bis zu der die mit einem CVSS-Index von 7.8 eingestufte Schwachstelle CVE-2022-22047 beseitigt sein muss. Diese Schwachstelle im Client Server Runtime Subsystem (CSRSS) tangiert praktische alle Windows-Versionen und wurde mit den Juli 2022-Updates beseitigt.<\/p>\n<p><!--more--><\/p>\n<h2>Die Schwachstelle CVE-2022-22047<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg04.met.vgwort.de\/na\/01a03bf7af4b432db5f7fab66b62e3ad\" alt=\"\" width=\"1\" height=\"1\" \/>Bei <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-22047\" target=\"_blank\" rel=\"noopener\">CVE-2022-22047<\/a> handelt es sich um ein Elevation of Privilege-Schwachstelle im Client Server Runtime Subsystem (CSRSS). Ein (lokaler) Angreifer, der diese Sicherheitsl\u00fccke erfolgreich ausnutzt, k\u00f6nnte SYSTEM-Rechte erlangen. Die Schwachstelle wird laut Microsoft bereits ausgenutzt. Betroffen sind faktisch alle Windows-Versionen (Client und Server):<\/p>\n<ul>\n<li>Windows Server 2012\/R2: <a href=\"https:\/\/support.microsoft.com\/help\/5015874\" target=\"_blank\" rel=\"noopener\">KB5015874<\/a> Monthly Rollup<\/li>\n<li>Windows Server 2012\/R2: <a href=\"https:\/\/support.microsoft.com\/help\/5015877\" target=\"_blank\" rel=\"noopener\">KB5015877<\/a> Security only<\/li>\n<li>Windows Server 2012: <a href=\"https:\/\/support.microsoft.com\/help\/5015863\" target=\"_blank\" rel=\"noopener\">KB5015863<\/a> Monthly Rollup<\/li>\n<li>Windows Server 2012: <a href=\"https:\/\/support.microsoft.com\/help\/5015875\" target=\"_blank\" rel=\"noopener\">KB5015875<\/a> Security only<\/li>\n<li>Windows Server 2008 R2 SP1: <a href=\"https:\/\/support.microsoft.com\/help\/5015861\" target=\"_blank\" rel=\"noopener\">KB5015861<\/a> Monthly Rollup<\/li>\n<li>Windows Server 2008 R2 SP1: <a href=\"https:\/\/support.microsoft.com\/help\/5015862\" target=\"_blank\" rel=\"noopener\">KB5015862<\/a> Security only<\/li>\n<li>Windows Server 2008 SP2: <a href=\"https:\/\/support.microsoft.com\/help\/5015866\" target=\"_blank\" rel=\"noopener\">KB5015866<\/a> Monthly Rollup<\/li>\n<li>Windows Server 2008 SP2: <a href=\"https:\/\/support.microsoft.com\/help\/5015870\" target=\"_blank\" rel=\"noopener\">KB5015870<\/a> Security only<\/li>\n<li>Windows RT 8.1: <a href=\"https:\/\/support.microsoft.com\/help\/5015874\" target=\"_blank\" rel=\"noopener\">KB5015874<\/a> (Monthly Rollup)<\/li>\n<li>Windows 8.1: <a href=\"https:\/\/support.microsoft.com\/help\/5015874\" target=\"_blank\" rel=\"noopener\">KB5015874<\/a> Monthly Rollup<\/li>\n<li>Windows 8.1: <a href=\"https:\/\/support.microsoft.com\/help\/5015877\" target=\"_blank\" rel=\"noopener\">KB5015877<\/a> Security only<\/li>\n<li>Windows 7 SP1: <a href=\"https:\/\/support.microsoft.com\/help\/5015861\" target=\"_blank\" rel=\"noopener\">KB5015861<\/a> Monthly Rollup<\/li>\n<li>Windows 7 SP1: <a href=\"https:\/\/support.microsoft.com\/help\/5015862\" target=\"_blank\" rel=\"noopener\">KB5015862<\/a> Security only<\/li>\n<li>Windows Server 2016: <a href=\"https:\/\/support.microsoft.com\/help\/5015808\" target=\"_blank\" rel=\"noopener\">KB5015808<\/a><\/li>\n<li>Windows 10: <a href=\"https:\/\/support.microsoft.com\/help\/5015832\" target=\"_blank\" rel=\"noopener\">KB5015832<\/a><\/li>\n<li>Windows 10 Version 21H2: <a href=\"https:\/\/support.microsoft.com\/help\/5015807\" target=\"_blank\" rel=\"noopener\">KB5015807<\/a><\/li>\n<li>Windows 11: <a href=\"https:\/\/support.microsoft.com\/help\/5015814\" target=\"_blank\" rel=\"noopener\">KB5015814<\/a><\/li>\n<li>Windows Server 2022: <a href=\"https:\/\/support.microsoft.com\/help\/5015827\" target=\"_blank\" rel=\"noopener\">KB5015827<\/a><\/li>\n<li>Windows Server 2019: <a href=\"https:\/\/support.microsoft.com\/help\/5015811\" target=\"_blank\" rel=\"noopener\">KB5015811<\/a><\/li>\n<li>Windows 10 Version 1809: <a href=\"https:\/\/support.microsoft.com\/help\/5015811\" target=\"_blank\" rel=\"noopener\">KB5015811<\/a><\/li>\n<\/ul>\n<p>Die KB-Nummern geben die betreffenden Updates an, die zum 12. Juli 2022 bereitgestellt wurden.<\/p>\n<h2>CISA-Anweisung: Patchen bis August<\/h2>\n<p>Die US-Cybersicherheitsbeh\u00f6rde hat die Schwachstelle CVE-2022-22047 in die Liste der zu patchenden Bugs aufgenommen (siehe <a href=\"https:\/\/twitter.com\/samilaiho\/status\/1548667353948372998\" target=\"_blank\" rel=\"noopener\">folgender Tweet<\/a>) und fordert, die Systeme bis zum 2. August 2022 zu patchen.<\/p>\n<p><a href=\"https:\/\/twitter.com\/samilaiho\/status\/1548667353948372998\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/i.imgur.com\/btDOr00.png\" \/><\/a><\/p>\n<p>The Record hat <a href=\"https:\/\/therecord.media\/cisa-adds-windows-bug-to-exploited-list-urges-agencies-to-patch-by-august-2\/\" target=\"_blank\" rel=\"noopener\">hier<\/a> noch einige Einsch\u00e4tzungen von Sicherheitsforschern zu dieser Schwachstelle publiziert.<\/p>\n<p><strong>\u00c4hnliche Artikel:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/blog\/2022\/07\/06\/microsoft-office-updates-5-juli-2022\/\">Microsoft Office Updates (5. Juli 2022)<\/a><strong><br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/blog\/2022\/07\/12\/microsoft-security-update-summary-12-juli-2022\/\">Microsoft Security Update Summary (12. Juli 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2022\/07\/13\/patchday-windows-10-updates-12-juli-2022\/\">Patchday: Windows 10-Updates (12. Juli 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2022\/07\/13\/patchday-windows-11-server-2022-updates-12-juli-2022\/\">Patchday: Windows 11\/Server 2022-Updates (12. Juli 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2022\/07\/13\/windows-7-server-2008r2-windows-8-1-server-2012r2-updates-12-juli-2022\/\">Windows 7\/Server 2008R2; Windows 8.1\/Server 2012R2: Updates (12. Juli 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2022\/07\/14\/patchday-microsoft-office-updates-12-juli-2022\/\">Patchday: Microsoft Office Updates (12. Juli 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2022\/07\/15\/microsoft-patchday-nachlese-juli-2022-windows-office\/\">Microsoft Patchday-Nachlese Juli 2022 (Windows, Office)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2022\/07\/12\/zerschiet-office-version-2206-build-15330-20246-access-bibliotheken\/\">Zerschie\u00dft Office Version 2206 (Build 15330.20246) Access-Bibliotheken?<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2022\/05\/23\/windows-10-microsoft-weitet-suchhervorhebungen-im-suchbereich-aus-19-mai-2022\/\">Windows 10: Microsoft weitet \"Suchhervorhebungen\" im Suchbereich aus (19. Mai 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2022\/06\/09\/windows-10-21h2-explorer-taskbar-probleme-und-die-kollision-der-search-highlights-mit-hp-development-company-l-p-extension-8-10-5-34686\/\">Windows 10 21H2: Explorer-\/Taskbar-Probleme und die Kollision der Search Highlights mit \"HP Development Company, L.P. \u2013 Extension \u2013 8.10.5.34686\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[English]Die US-Cybersicherheitsbeh\u00f6rde CISA hat US-Institutionen eine Frist bis zum 2. August 2022 gesetzt, bis zu der die mit einem CVSS-Index von 7.8 eingestufte Schwachstelle CVE-2022-22047 beseitigt sein muss. Diese Schwachstelle im Client Server Runtime Subsystem (CSRSS) tangiert praktische alle Windows-Versionen &hellip; <a href=\"https:\/\/borncity.com\/blog\/2022\/07\/19\/cisa-windows-schwachstelle-cve-2022-22047-muss-bis-2-august-2022-gepatcht-sein\/\">Weiterlesen <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426,185,301,3694,2557],"tags":[8332,4328,4315,3288],"class_list":["post-270637","post","type-post","status-publish","format-standard","hentry","category-sicherheit","category-update","category-windows","category-windows-10","category-windows-server","tag-patchday-7-2022","tag-sicherheit","tag-update","tag-windows-en"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/270637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=270637"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/270637\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=270637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=270637"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=270637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}