all InfoSec news
Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 – Part 1: Root Cause Analysis
Security Boulevard securityboulevard.com
On September 2, 2022, Zscaler Threatlabz captured an in-the-wild 0-day exploit in the Windows Common Log File System Driver (CLFS.sys) and reported this discovery to Microsoft. In the September Tuesday patch, Microsoft fixed this vulnerability that was identified as CVE-2022-37969, which is a Windows Common Log File System Driver elevation of privilege vulnerability. An attacker who successfully exploits this vulnerability may gain SYSTEM privileges. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior …
analysis clfs cve cve-2022-37969 root root cause analysis technical technical analysis vulnerability windows zero-day zero-day vulnerability