“Bugs of this nature are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link,” said Dustin Childs, head of threat intelligence at the Zero Day Initiative (ZDI).
Microsoft said the flaw requires that an attacker already has access to a compromised device, or the ability to run code on the target system. Windows 7 will also receive security patches, despite falling out of support in 2020. Microsoft says users running Windows 11 and earlier, and Windows Server 2008 and Windows Server 2012, are affected. The bug allows an attacker to obtain the highest level of access, known as system privileges, to a vulnerable device. The zero-day bug, tracked as CVE-2022-37969, is described as an elevation of privilege flaw in the Windows Common Log File System Driver, a subsystem used for data and event logging. Microsoft has released security fixes for a zero-day vulnerability affecting all supported versions of Windows that has been exploited in real-world attacks.
0 kommentar(er)
