Microsoft patched a zero-day vulnerability this week that is now being tracked as CVE-2022-37969. The bug is an elevation of privilege vulnerability in the Windows Common Log File System Driver with a severity rating of 7.8. Microsoft confirmed that there is an exploit code available in the wild.
Windows Common Log File System Driver is the subsystem used for data and event logging. CVE-2022-37969 could allow for an attacker to gain system privileges and take over a machine. To exploit the vulnerability, an attacker would need to have access to their target’s system and the ability to run code on the system. An attacker could use malware that exploits a different vulnerability or use a basic social engineering phishing attack to gain system privileges.
CVE-2022-37969 is not a complex vulnerability, and it requires no other user interaction – meaning it is only a matter of time before it is exploited. Users running Windows 11 and older, as well as Windows Server 2008 and 2012, are affected. Despite Windows 7 being an end of life, the version will be patched as well. The Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to their list of exploited bugs and advised that users patch CVE-2022-37969 as soon as possible.
INDICATOR'S OF COMPROMISE (IOCS):
At this time, there are no known IoCs associated with CVE-2022-37969. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
Related Reading: Apple Fixes 8th Zero-Day Vulnerability