all InfoSec news
Activation Context Cache Poisoning: Exploiting CSRSS for Privilege Escalation
Zero Day Initiative - Blog www.zerodayinitiative.com
Starting in July of 2022, the Windows CSRSS process entered the consciousness of the infosec community as the source of several local privilege escalation vulnerabilities in Microsoft Windows. The first public information appeared on July 12 with the release of the patch for CVE-2022-22047, which was being actively exploited. Shortly thereafter, Microsoft published an article providing some technical details and revealing that the threat actor involved was an Austrian hack-for-hire group tracked by Microsoft as KNOTWEED. Fortuitously, these developments …
actively exploited actor article blog post cache cache poisoning community context csrss cve cve-2022-22047 escalation exploited exploiting hack hack-for-hire hire information infosec infosec community july local local privilege escalation microsoft microsoft windows patch poisoning privilege privilege escalation process public release technical threat threat actor vulnerabilities windows