Microsoft fixes 0-day CVE-2022-37969 flaw on September 2022 Patch Tuesday

CVE-2022-37969

On September 13, Microsoft released Patch Tuesday to fix 63 security vulnerabilities in Windows and products. Microsoft marked 5 flaws as critical. This patch includes 18 Elevation of Privilege Vulnerabilities, 30 Remote Code Execution Vulnerabilities, 7 Information Disclosure Vulnerabilities, 1 Security Feature Bypass Vulnerability, 7 Denial of Service Vulnerabilities, and 16 Edge Vulnerabilities. Two high-risk flaws have been actively exploited by hackers.

CVE-2022-37969

Two zero-day security vulnerabilities include:

  • CVE-2022-37969: Windows Common Log File System Driver Elevation of Privilege Vulnerability.

    Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

  • CVE-2022-23960: Cache Speculation Restriction VulnerabilityA paper from the Systems and Network Security Group at Vrije Universiteit Amsterdam reveals how the team rediscovered and exploited speculative execution vulnerabilities in Intel and ARM processors. Researchers have discovered that there is another way to exploit the Spectre-V2 attacks – Branch History Injection (BHI or Spectre-BHB).

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system,read the security bulletin.

CVE-2022-37969 was reported to Microsoft by researchers at DBAPPSecurity, Mandiant, CrowdStrike, and Zscaler.

The most serious vulnerability exists in several versions of Windows Server and Windows 7/8/10/11 that could allow remote attackers to execute arbitrary code on the system, caused by a flaw in the TCP/IP component.  CVE-2022-34718 (CVSS score:9.8) only affects instances that have IPSec enabled.

We recommend that Windows users install the Microsoft September Patch Tuesday as soon as possible.