Microsoft’s September Patch Tuesday Release

“Microsoft patched CVE-2022-37969, an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver. According to Microsoft, this flaw has been exploited in the wild as a zero-day. However, exploiting this vulnerability requires an attacker to have already gained access to a vulnerable target system via other means, such as exploiting a separate vulnerability or social engineering. Post-exploitation flaws such as this one are often exploited through a specially crafted application. CVE-2022-24521, a similar vulnerability in CLFS, was patched earlier this year as part of Microsoft’s April Patch Tuesday release and was also exploited in the wild. CVE-2022-37969 was disclosed by several groups, though it’s unclear if CVE-2022-37969 is a patch bypass for CVE-2022-24521 at this point.” — Satnam Narang, Sr. Staff Research Engineer at Tenable
