
Just in Time Bulletin: CVE-2022-37969 Windows CLFS Driver Privilege Escalation

Sep 16, 2022

What is CVE-2022-37969? 

CVE-2022-37969 is a privilege escalation vulnerability that impacts Windows Common Log File System (CLFS). CLFS is a general-purpose logging service that can be used by software clients running in user-mode or kernel-mode for building high-performance transaction logs. 

Exploitation of this vulnerability requires an attacker to already have a foothold on a victim machine and the ability to execute commands. Microsoft patched a number of more critical vulnerabilities on Patch Tuesday; however, CVE-2022-37969 was publicly disclosed prior to the patch being released, which makes it a strong candidate for exploitation and inclusion in malware. Successful exploitation would enable an attacker to elevate privileges to that of SYSTEM, which grants access to all system resources, including credential data. 

How bad is this?

CVE             CVSSv3 Score
CVE-2022-37969  7.8

Active exploitation today: Actively exploited in the wild prior to patch availability 

Severity: High

  • Requires an attacker to already have access to a victim machine
  • Exploitation facilitates SYSTEM access rights
  • Exploited in the wild, low level of complexity 

Who is affected by this? 

  • All Windows versions from 7 to Server 2022

How is it exploited? 

Exploitation can be accomplished with a crafted malicious executable. 

Am I at risk?

Version                 Patch
Windows 2012 R2 Server  https://support.microsoft.com/help/5017367
Windows 2012            https://support.microsoft.com/help/5017370
Windows Server 2008 R2  https://support.microsoft.com/help/5017361
Windows Server 2008     https://support.microsoft.com/help/5017358
Windows RT 8.1          https://support.microsoft.com/help/5017367
Windows 7               https://support.microsoft.com/help/5017361
Windows Server 2016     https://support.microsoft.com/help/5017305
Windows 10              https://support.microsoft.com/help/5017327
Windows 11              https://support.microsoft.com/help/5017328
Windows Server 2019     https://support.microsoft.com/help/5017315
Windows Server 2022     https://support.microsoft.com/help/5017316
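
One way to check a host against the table above, as an added example that is not part of the original bulletin or any NopSec or Microsoft tooling. The function name and status strings are hypothetical, the KB numbers are copied from the table, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: KB numbers are copied from the bulletin's table.
# Order matters: "R2" entries must be tested before their non-R2 siblings.
$PatchTable = [ordered]@{
    'Server 2012 R2' = 'KB5017367'
    'Server 2012'    = 'KB5017370'
    'Server 2008 R2' = 'KB5017361'
    'Server 2008'    = 'KB5017358'
    'Windows RT 8.1' = 'KB5017367'
    'Windows 7'      = 'KB5017361'
    'Server 2016'    = 'KB5017305'
    'Windows 10'     = 'KB5017327'
    'Windows 11'     = 'KB5017328'
    'Server 2022'    = 'KB5017316'
    'Server 2019'    = 'KB5017315'
}

function Test-Cve202237969Patch {   # hypothetical helper name
    param(
        # Defaults query the local machine; pass values to evaluate offline inventory.
        [string]  $Caption      = (Get-CimInstance Win32_OperatingSystem).Caption,
        [string[]]$InstalledKbs = (Get-HotFix).HotFixID
    )
    # Older OS captions carry trademark symbols; keep printable ASCII only.
    $clean = $Caption -replace '[^\x20-\x7E]', ''
    foreach ($name in $PatchTable.Keys) {
        if ($clean -match [regex]::Escape($name)) {
            $kb = $PatchTable[$name]
            # 'ListedKbMissing' can also mean a later cumulative update replaced it.
            $status = if ($InstalledKbs -contains $kb) { 'ListedKbInstalled' } else { 'ListedKbMissing' }
            return [pscustomobject]@{ OS = $clean; ExpectedKb = $kb; Status = $status }
        }
    }
    # OS caption did not match any row of the bulletin's table.
    [pscustomobject]@{ OS = $clean; ExpectedKb = $null; Status = 'NotInBulletinTable' }
}

# Constructed sample inputs (not real inventory data):
Test-Cve202237969Patch -Caption 'Microsoft Windows Server 2012 R2 Standard' -InstalledKbs 'KB5017367'
Test-Cve202237969Patch -Caption 'Microsoft Windows Server 2019 Datacenter' -InstalledKbs 'KB0000001'
```

A `ListedKbMissing` result is a prompt to check the host's update history rather than proof of exposure: later cumulative updates supersede the listed KB and carry the same fix, and the table gives one KB per product.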

How do I protect myself? 

Microsoft has released a cumulative security patch to address CVE-2022-37969.

Mitigating factors? 

There are presently no mitigating measures to reduce the risk short of applying the recommended patch.

Additional Resources: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969