Security News > 2022 > October > Researchers Detail Windows Zero-Day Vulnerability Patched Last Month
Details have emerged about a now-patched security flaw in Windows Common Log File System that could be exploited by an attacker to gain elevated permissions on compromised machines.
"The cause of the vulnerability is due to the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file in CLFS.sys," the cybersecurity firm said in a root cause analysis shared with The Hacker News.
CLFS is a general-purpose logging service that can be used by software applications running in both user-mode or kernel-mode to record data as well as events and optimize log access.
According to Zscaler, the vulnerability is rooted in a metadata block called base record that's present in a base log file, which is generated when a log file is created using the CreateLogFile() function.
" contains the symbol tables that store information on the various client, container and security contexts associated with the Base Log File, as well as accounting information on these," according to Alex Ionescu, chief architect at Crowdstrike.
As a result, a successful exploitation of CVE-2022-37969 via a specially crafted base log file could lead to memory corruption, and by extension, induce a system crash in a reliable manner.
News URL
https://thehackernews.com/2022/10/researchers-reveal-detail-for-windows.html
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Patching problems: The “return” of a Windows Themes spoofing vulnerability (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-37969 | Out-of-bounds Write vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |