Just in Time Bulletin: CVE-2022-37969 Windows CLFS Driver Privilege Escalation
What is CVE-2022-37969?
CVE-2022-37969 is a privilege escalation vulnerability that impacts Windows Common Log File System (CLFS). CLFS is a general-purpose logging service that can be used by software clients running in user-mode or kernel-mode for building high-performance transaction logs.
Exploitation of this vulnerability requires an attacker to already have a foothold on a victim machine and the ability to execute commands. Microsoft patched a number of more critical vulnerabilities on Patch Tuesday; however, CVE-2022-37969 was publicly disclosed prior to the patch being released, which makes it a strong candidate for exploitation and inclusion in malware. Successful exploitation would enable an attacker to elevate privileges to that of SYSTEM, which grants access to all system resources, including credential data.
How bad is this?
Active exploitation today: Actively exploited in the wild prior to patch availability
- Requires an attacker to already have access to a victim machine
- Exploitation facilitates SYSTEM access rights
- Exploited in the wild, low level of complexity
Who is affected by this?
- All Windows versions from 7 to Server 2022
How is it exploited?
Exploitation can be accomplished with a crafted malicious executable.
Am I at risk?
|Product|Microsoft support article|
|---|---|
|Windows 2012 R2 Server|https://support.microsoft.com/help/5017367|
|Windows Server 2008 R2|https://support.microsoft.com/help/5017361|
|Windows Server 2008|https://support.microsoft.com/help/5017358|
|Windows RT 8.1|https://support.microsoft.com/help/5017367|
|Windows Server 2016|https://support.microsoft.com/help/5017305|
|Windows Server 2019|https://support.microsoft.com/help/5017315|
|Windows Server 2022|https://support.microsoft.com/help/5017316|
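
One way to check a host against the table above, as an added example that is not part of the original bulletin. It assumes Windows PowerShell 3.0 or later, that each KB ID equals the article number in the table's URL, and the function name Test-ClfsPatch is hypothetical.

```powershell
# Added example: looks up the local OS in the bulletin's table and checks
# whether the listed update is present in the installed-hotfix list.
# Keys are substrings of the OS caption; values are the article numbers
# from the table's URLs, written as KB IDs (assumption stated in the lead-in).
$KbByProduct = [ordered]@{
    'Server 2008 R2' = 'KB5017361'   # listed before 'Server 2008' so it matches first
    'Server 2012 R2' = 'KB5017367'
    'Server 2008'    = 'KB5017358'
    'RT 8.1'         = 'KB5017367'
    'Server 2016'    = 'KB5017305'
    'Server 2019'    = 'KB5017315'
    'Server 2022'    = 'KB5017316'
}

function Test-ClfsPatch {
    # Caption looks like "Microsoft Windows Server 2019 Standard".
    $caption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption

    # First key contained in the caption wins (dictionary order is preserved).
    $product = $KbByProduct.Keys |
        Where-Object { $caption -like "*$_*" } |
        Select-Object -First 1

    if (-not $product) {
        # Affected versions such as Windows 7 are not in the bulletin's table.
        return [pscustomobject]@{ OS = $caption; KB = $null; Status = 'NotInTable' }
    }

    $kb  = $KbByProduct[$product]
    $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    $status = if ($hit) { 'Installed' } else { 'NotFound' }
    [pscustomobject]@{ OS = $caption; KB = $kb; Status = $status }
}

$result = Test-ClfsPatch
$result

if ($result.Status -eq 'NotFound') {
    # A later cumulative update supersedes the listed one, so absence of
    # this exact KB is a prompt to review update history, not proof of exposure.
    Write-Warning "$($result.KB) not listed by Get-HotFix; confirm a later cumulative update is installed."
}
```

A `NotInTable` result means the OS is not one of the products the table lists, so the patch status has to be confirmed from Microsoft's advisory for that version.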
How do I protect myself?
Microsoft has released a cumulative security patch to address CVE-2022-37969.
There are presently no mitigating measures to reduce the risk short of applying the recommended patch.