Select Page

Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines.

Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild.

“An attacker must already have access and the ability to run code on the target system,” the company noted in its advisory. “This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.”

It also credited researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the vulnerability without delving into additional specifics surrounding the nature of the attacks.

Now, the Zscaler ThreatLabz researcher team has disclosed that it captured an in-the-wild exploit for the then zero-day on September 2, 2022.

“The cause of the vulnerability is due to the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys,” the cybersecurity firm said in a root cause analysis shared with The Hacker News.

images from Hacker News