Overview 

Microsoft patched a zero-day vulnerability this week that is now being tracked as CVE-2022-37969. The bug is an elevation of privilege vulnerability in the Windows Common Log File System Driver with a severity rating of 7.8. Microsoft confirmed that there is an exploit code available in the wild.  

Windows Common Log File System Driver is the subsystem used for data and event logging. CVE-2022-37969 could allow for an attacker to gain system privileges and take over a machine. To exploit the vulnerability, an attacker would need to have access to their target’s system and the ability to run code on the system. An attacker could use malware that exploits a different vulnerability or use a basic social engineering phishing attack to gain system privileges.  

CVE-2022-37969 is not a complex vulnerability, and it requires no other user interaction – meaning it is only a matter of time before it is exploited. Users running Windows 11 and older, as well as Windows Server 2008 and 2012, are affected. Despite Windows 7 being an end of life, the version will be patched as well. The Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to their list of exploited bugs and advised that users patch CVE-2022-37969 as soon as possible.  

 

 

How Avertium is Protecting Our Customers:

  • Avertium offers Zero Trust Architecture, like AppGate, to stop malware lateral movement.
      
  • Avertium offers user awareness training through KnowBe4. The service also includes Incident Response Table-Top exercises (IR TTX) and Core Security Document development, as well as a comprehensive new-school approach that integrates baseline testing using mock attacks.  
  • Minimizing the impact of a successful ransomware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 

 

 

Avertium's recommendations

  • Avertium recommends that you apply the appropriate updates for CVE-2022-37969 as soon as possible. You can find guidance here.  
  • Because this kind of vulnerability is likely to be integrated into some kind of social engineering attack, it’s important to not click on suspicious links or open documents without vetting the sender.  




 INDICATOR'S OF COMPROMISE (IOCS):

At this time, there are no known IoCs associated with CVE-2022-37969. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   




 

Supporting documentation

Microsoft Confirms New Windows Zero-Day CVE-2022-379699: Patch Tuesday (forbes.com) 

🔃 Security Update Guide - Loading - Microsoft 

Microsoft patches a new zero-day affecting all versions of Windows | TechCrunch 

 

 

 

 

Related Reading: Apple Fixes 8th Zero-Day Vulnerability

 

Contact us for more information about Avertium’s managed security service capabilities.