Microsoft Confirms New Windows Zero-Day CVE-2022-37969: Patch Tuesday – Forbes


It’s the second Tuesday of the month, which means that Microsoft started rolling out the latest set of security patches. This Patch Tuesday, there is another zero-day Windows vulnerability already being exploited by attackers, Microsoft has confirmed. Users are encouraged to apply security updates as soon as possible.

In total, some 63 security vulnerabilities were identified and patched this month. Of these, five are flagged as critical and one has been confirmed to be already actively exploited by hackers: CVE-2022-37969.


What is CVE-2022-37969?

CVE-2022-37969 has a severity rating of 7.8 and affects Windows versions 7 through 11 as well as Windows Server 2008 and 2012.

This is an elevation of privilege vulnerability in the Windows Common Log File System. Microsoft has confirmed that a successful attack could obtain system privileges to take control of the machine and that exploit code is available in the wild.

Exploiting CVE-2022-37969 requires access to the target system and the ability to execute code on it. While this reduces the risk, it does not reduce it to anything approaching zero. A malicious actor will likely use malware that exploits a different vulnerability or a simple “click on a malicious link” phishing attack to gain this access.

Mike Walters, Head of Cybersecurity at Action1, says that “since the vulnerability has low complexity and requires no user interaction, an exploit will likely soon be in the arsenal of both white hats and black hats.” So it is highly recommended to fix this as soon as possible. “Microsoft attributes this bug to four different agencies,” says Zero Day Initiative’s Dustin Childs, “so it’s probably beyond targeted attacks.”

Other vulnerabilities of note this Patch Tuesday

Mike Walters highlights three critical vulnerabilities as another cause for concern. “CVE-2022-34722 and CVE-2022-34721 are both called Windows Internet Key Exchange (IKE) Remote Code Execution Vulnerability protocol extensions, and both have a CVSS score of 9.8, making them critical vulnerabilities. They both have low operational complexity and allow threat actors to perform the attack without user interaction.”

But it is CVE-2022-34718, a Windows TCP/IP remote code execution vulnerability, that Walters says is more likely to be exploited. “This is a low complexity network attack, but it only affects systems that are running the IPsec service, so if a system does not need the IPsec service, disable it as soon as possible,” concludes Walters. “This vulnerability can be exploited in supply chain attacks where contractor and customer networks are connected by an IPsec tunnel. If you have IPsec tunnels in your Windows infrastructure, this update is essential.”
