Zscaler releases technical details—and PoC—for now-patched Windows 0-day

Microsoft has rated the previously exploited CVE-2022-37969 as being of high-severity, so now might be a good time to patch (264 words).

What: New technical details and proof-of-concept code have become available for a zero-day bug in the Windows Common Log File System Driver (CLFS.sys) that Microsoft addressed in its September 2022 security update (CVE-2022-37969).

Why it matters: The high-severity bug gives attackers a way to gain system-level privileges on affected systems. Exploit activity targeting the bug began before Microsoft released a patch for it, and that activity could increase now that technical information on the bug—and a PoC for exploiting it—has become publicly available.

The details in brief:

On Oct. 14 security vendor Zscaler released a detailed technical analysis of CVE-2022-37969. According to the company:

It captured an in-the-wild exploit targeting the flaw on Sept. 2 and reported the issue to Microsoft, which issued a patch for the vulnerability in its Sept. 2022 update.

The vulnerability is the result of improper bounds checking for the cbSymbolZone field in the Base Record Header of the base log file (BLF) in CLFS.sys. An attacker can use it to trigger an out-of-bounds write (CWE-787) and cause a BSOD crash. Attackers can also use the vulnerability to escalate privileges on Windows 10 and Windows 11 systems that have not been patched.

Organizations can protect themselves by upgrading to the latest version of the affected product. For a full list, see here.

TL/DR

Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 – Part 1: Root Cause Analysis