Microsoft fixes exploited zero-day in the Windows CLFS Driver (CVE-2022-37969)

September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day exploited by attackers.
CVE-2022-37969 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, and an attacker must already have access and the ability to run code on the target system before trying to trigger it.
CVE-2022-37969 was disclosed by researchers from four different security companies, which, according to Zero Day Initiative's Dustin Childs, makes it likely that the attacks exploiting it are not just targeted.
Childs advises admins to also prioritize fixing CVE-2022-34724, a Windows DNS Server denial-of-service vulnerability, due to its potential impact on enterprise resources, and CVE-2022-34718, an RCE vulnerability in Windows TCP/IP that could be triggered without user interaction.
Microsoft has also patched two RCEs in the Windows Internet Key Exchange Protocol that could be exploited via a specially crafted IP packet if the target machine has IPSec enabled.
Finally, there's a fix for a cache speculation vulnerability known as Spectre-BHB affecting Windows 11 for ARM64-based Systems, critical fixes for several SharePoint RCEs, and even for a PowerPoint RCE that can be exploited if an attacker tricks users into downloading and opening a specially crafted presentation file.
News URL
https://www.helpnetsecurity.com/2022/09/13/cve-2022-37969/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-37969 | Out-of-bounds Write vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
| 2022-09-13 | CVE-2022-34724 | Unspecified vulnerability in Microsoft products Windows DNS Server Denial of Service Vulnerability | 0.0 |
| 2022-09-13 | CVE-2022-34718 | Unspecified vulnerability in Microsoft products Windows TCP/IP Remote Code Execution Vulnerability | 0.0 |