We have already written about some of the security patches issued by Microsoft this month, but the company has released a very large number of fixes in total. Included among the fixes is a patch for a security issue deemed so serious that Microsoft has even released a fix for Windows 7, despite security support for the operating system having ended at the beginning of last year.
The vulnerability is tracked as CVE-2022-37969, and is a described as a “Windows Common Log File System Driver Elevation of Privilege Vulnerability”.
See also:
A huge number of versions of Microsoft’s operating system are afflicted by the flaw — Windows Server 2008 and above, and Windows 7 up to Windows 11. The vulnerability is known to have been exploited, and until the patches have had a chance to roll out to as many people as possible, Microsoft is not saying a great deal about the nature of the problem.
In a note in the Microsoft Security Research Center, however, the company warns:
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Microsoft adds:
An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.
More information about the vulnerability, as well as links to security updates for all affected versions of Windows and Windows server, can be found here.
Image credit: Eric Glenn / Shutterstock