Microsoft has released security fixes for a zero-day vulnerability affecting all supported versions of Windows that has been exploited in real-world attacks.
The zero-day bug, tracked as CVE-2022-37969, is described as an elevation of privilege flaw in the Windows Common Log File System Driver, a subsystem used for data and event logging. The bug allows an attacker to obtain the highest level of access, known as system privileges, to a vulnerable device.
Microsoft says users running Windows 11 and earlier, and Windows Server 2008 and Windows Server 2012, are affected. Windows 7 will also receive security patches, despite falling out of support in 2020.
Microsoft said the flaw requires that an attacker already has access to a compromised device, or the ability to run code on the target system.
“Bugs of this nature are sometimes wrapped into some type of social engineering assault, akin to convincing somebody to open a file or click on a hyperlink,” said Dustin Childs, head of threat intelligence at the Zero Day Initiative (ZDI). “As soon as they do, further code executes with elevated privileges to take over a system.”
Microsoft credited four different sets of researchers from CrowdStrike, DBAPPSecurity, Mandiant and Zscaler for reporting the flaw, which may be an indication of widespread exploitation in the wild.
Dhanesh Kizhakkinan, senior principal vulnerability engineer at Mandiant, told TechCrunch that the company discovered the bug “throughout a proactive Offensive Activity Drive exploit searching mission,” adding that the exploit appears to be standalone and isn’t part of an attack chain.
Microsoft didn’t share details about the attacks exploiting this vulnerability and didn’t respond to our request for comment.
The fixes arrived as part of Microsoft’s regularly scheduled monthly release of security fixes, dubbed Patch Tuesday, which includes a total of 63 vulnerabilities in various Microsoft products, including Microsoft Edge, Office and Windows Defender.
Microsoft also released patches for a second zero-day flaw, tracked as CVE-2022-23960, which it describes as a cache speculation vulnerability known as “Spectre-BHB” affecting Windows 11 for ARM-based systems. Spectre-BHB is a variant of the Spectre v2 vulnerability, which can allow attackers to steal data from memory.
Earlier this week, Apple moved to patch a zero-day under active attack in iOS and macOS.