
Researchers Detail Windows Zero-Day Vulnerability (CVE-2022-37969)

A new patch for the Microsoft Windows Common Log File System

The Common Log File System (CLFS) is a general-purpose logging subsystem, implemented in the kernel driver CLFS.sys, that applications running in both kernel mode and user mode can use to build high-performance transaction logs. CLFS keeps the metadata for each log in a base log file (BLF). The concepts and terminology for CLFS are specified in Microsoft's official documentation.

CVE-2022-37969 is an elevation-of-privilege vulnerability in this driver: an attacker who already has a foothold on a machine can exploit it to gain SYSTEM privileges.

The MSRC advisory for the CVE:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969

The attacker must already have access to the target machine and the ability to run code on it; this is a local privilege escalation, not a remote entry point.


The Zscaler ThreatLabz research team disclosed that it captured an in-the-wild exploit for the then zero-day on September 2, 2022.

According to Zscaler ThreatLabz: "The cause of the vulnerability is due to the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys."

[Image: proof-of-concept code to trigger CVE-2022-37969, from Zscaler ThreatLabz]

The published proof of concept triggers the bug rather than fully exploiting it: a crafted BLF whose cbSymbolZone value is never checked against the real size of the symbol zone makes CLFS.sys write outside the intended buffer and corrupt kernel memory, and on an unpatched system the result is a kernel crash (blue screen). A weaponized exploit turns that same corrupting write into SYSTEM privileges instead of a crash.
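To make the "missing strict bounds check" concrete, here is an added example in C that is not the page's or Zscaler's code. It uses a deliberately simplified, assumed record layout (a 4-byte little-endian cbSymbolZone followed by a fixed 64-byte symbol zone), which is not the real CLFS.sys on-disk structure; only the check logic is meant to be faithful. It parses a constructed base record, shows how an allocator that trusts cbSymbolZone hands back an out-of-range offset, and shows the check a hardened allocator applies before touching memory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified model of a base record (NOT the real CLFS.sys layout):
 * a 4-byte little-endian cbSymbolZone field followed by a fixed-size symbol
 * zone. cbSymbolZone records how much of the zone is already used. */
#define SYMBOL_ZONE_SIZE 64u
#define RECORD_SIZE      (4u + SYMBOL_ZONE_SIZE)

typedef struct {
    uint32_t cbSymbolZone;                 /* read straight from the file */
    uint8_t  symbolZone[SYMBOL_ZONE_SIZE];
} base_record_t;

/* Parse a base record from an in-memory BLF image; false on a short buffer. */
bool parse_base_record(const uint8_t *buf, size_t len, base_record_t *out)
{
    if (len < RECORD_SIZE) return false;
    out->cbSymbolZone = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                        ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    memcpy(out->symbolZone, buf + 4, SYMBOL_ZONE_SIZE);
    return true;
}

/* Vulnerable allocator: uses cbSymbolZone as the next free offset without
 * comparing it to the zone size, so a crafted value turns the caller's later
 * write into an out-of-bounds kernel write. Returns the offset it would use. */
uint32_t alloc_symbol_vulnerable(base_record_t *rec, uint32_t cbSymbol)
{
    uint32_t off = rec->cbSymbolZone;
    rec->cbSymbolZone = off + cbSymbol;
    return off;
}

/* Does a write of cbSymbol bytes at off stay inside the symbol zone?
 * Written to avoid integer overflow in off + cbSymbol. */
bool write_in_bounds(uint32_t off, uint32_t cbSymbol)
{
    return off <= SYMBOL_ZONE_SIZE && cbSymbol <= SYMBOL_ZONE_SIZE - off;
}

/* Hardened allocator: strict bounds check first. Returns -1 when the
 * allocation would start or end outside the zone, otherwise the offset. */
int64_t alloc_symbol_hardened(base_record_t *rec, uint32_t cbSymbol)
{
    uint32_t off = rec->cbSymbolZone;
    if (!write_in_bounds(off, cbSymbol)) return -1;
    rec->cbSymbolZone = off + cbSymbol;
    return (int64_t)off;
}

/* Build a constructed record image with the given cbSymbolZone value. */
void build_record(uint8_t *buf, uint32_t cbSymbolZone)
{
    memset(buf, 0, RECORD_SIZE);
    buf[0] = (uint8_t)cbSymbolZone;         buf[1] = (uint8_t)(cbSymbolZone >> 8);
    buf[2] = (uint8_t)(cbSymbolZone >> 16); buf[3] = (uint8_t)(cbSymbolZone >> 24);
}

/* Offset the vulnerable path would write to for a file carrying cbSymbolZone. */
uint32_t vulnerable_offset_for(uint32_t cbSymbolZone, uint32_t cbSymbol)
{
    uint8_t buf[RECORD_SIZE]; base_record_t rec;
    build_record(buf, cbSymbolZone);
    parse_base_record(buf, sizeof buf, &rec);
    return alloc_symbol_vulnerable(&rec, cbSymbol);
}

/* Result of the hardened path for the same file: offset or -1. */
int64_t hardened_offset_for(uint32_t cbSymbolZone, uint32_t cbSymbol)
{
    uint8_t buf[RECORD_SIZE]; base_record_t rec;
    build_record(buf, cbSymbolZone);
    parse_base_record(buf, sizeof buf, &rec);
    return alloc_symbol_hardened(&rec, cbSymbol);
}

int main(void)
{
    /* Benign file: 8 bytes used, 16 requested -> offset 8, inside the zone. */
    uint32_t off = vulnerable_offset_for(8, 16);
    printf("benign:  offset %u, in bounds: %s\n", off, write_in_bounds(off, 16) ? "yes" : "no");

    /* Crafted file (constructed value): cbSymbolZone far past the 64-byte zone. */
    off = vulnerable_offset_for(0x7FFFFF00u, 16);
    printf("crafted: vulnerable offset 0x%x, in bounds: %s\n", off, write_in_bounds(off, 16) ? "yes" : "no");
    printf("crafted: hardened result %lld (rejected)\n", (long long)hardened_offset_for(0x7FFFFF00u, 16));
    return 0;
}
```

The defence is the single comparison in write_in_bounds: a value read from an untrusted file is never used as an offset until it has been checked against the size of the buffer it indexes, and the check is written so that off + cbSymbol cannot wrap around.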

Microsoft fixed the vulnerability in the September 13, 2022 security updates, so it is crucial to apply them (or the latest cumulative update) to every system on which untrusted code could run, since that is all an attacker needs to exploit this bug.
