Security News > 2022 > October > Researchers Detail Windows Zero-Day Vulnerability Patched Last Month

Details have emerged about a now-patched security flaw in Windows Common Log File System that could be exploited by an attacker to gain elevated permissions on compromised machines.

"The cause of the vulnerability is due to the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file in CLFS.sys," the cybersecurity firm said in a root cause analysis shared with The Hacker News.

CLFS is a general-purpose logging service that can be used by software applications running in both user-mode or kernel-mode to record data as well as events and optimize log access.

According to Zscaler, the vulnerability is rooted in a metadata block called base record that's present in a base log file, which is generated when a log file is created using the CreateLogFile() function.

" contains the symbol tables that store information on the various client, container and security contexts associated with the Base Log File, as well as accounting information on these," according to Alex Ionescu, chief architect at Crowdstrike.

As a result, a successful exploitation of CVE-2022-37969 via a specially crafted base log file could lead to memory corruption, and by extension, induce a system crash in a reliable manner.

News URL

https://thehackernews.com/2022/10/researchers-reveal-detail-for-windows.html