all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 – Part 1: Root Cause Analysis

Add to bookmarks
Oct. 14, 2022, 4:54 p.m. | Kai Lu

Security Boulevard securityboulevard.com

On September 2, 2022, Zscaler Threatlabz captured an in-the-wild 0-day exploit in the Windows Common Log File System Driver (CLFS.sys) and reported this discovery to Microsoft. In the September Tuesday patch, Microsoft fixed this vulnerability that was identified as CVE-2022-37969, which is a Windows Common Log File System Driver elevation of privilege vulnerability. An attacker who successfully exploits this vulnerability may gain SYSTEM privileges. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior …

analysis clfs cve cve-2022-37969 root root cause analysis technical technical analysis vulnerability windows zero-day zero-day vulnerability

Visit resource

More from securityboulevard.com / Security Boulevard

What is Proxmox VE – and Why You Should Live Patch It 5 hours ago | securityboulevard.com
address application security attacks business +31
GUEST ESSAY: A primer on how, why ‘dynamic baselining’ fosters accurate DDoS protection 5 hours ago | securityboulevard.com
attacks businesses care center +22
FIN7 Cybercrime Group Strikes US Auto Sector Using Carbanak 6 hours ago | securityboulevard.com
auto automotive automotive industry backdoor +24
RSAC 2024 Innovation Sandbox | Aembit: An IAM Platform for Cloud Workloads 11 hours ago | securityboulevard.com
aembit benchmark blog cloud +20
Tips and stories for your team on World Password Day 16 hours ago | securityboulevard.com
ciso suite click home identity & access +13
Elliptic Shows How an AI Model Can Identify Bitcoin Laundering 16 hours ago | securityboulevard.com
ai ai model analysis bitcoin +24
Why CAPTCHAs Are Not the Future of Bot Detection 16 hours ago | securityboulevard.com
adversarial bot bot detection captcha +14
What to Expect at RSA 2024: Will AI Wreak Havoc on Cybersecurity? 17 hours ago | securityboulevard.com
ai analytics & intelligence ciso suite ciso talk +16
Kaseya Connect Global 2024 Day Two Recap: Embracing AI and Autonomous Automation 17 hours ago | securityboulevard.com
automation autonomous connect connect global +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States
View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States
View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com
View more jobs