Microsoft did not share details about the attacks exploiting this vulnerability and did not respond to our request for comment. Microsoft credited four different sets of researchers from CrowdStrike, DBAPPSecurity, Mandiant and Zscaler for reporting the flaw, which may be an indication of widespread exploitation in the wild.ĭhanesh Kizhakkinan, senior principal vulnerability engineer at Mandiant, told TechCrunch that the company discovered the bug “during a proactive Offensive Task Force exploit hunting mission,” adding that the exploit appears to be standalone and is not part of an attack chain. “Once they do, additional code executes with elevated privileges to take over a system.” “Bugs of this nature are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link,” said Dustin Childs, head of threat intelligence at the Zero Day Initiative (ZDI). Microsoft said the flaw requires that an attacker already has access to a compromised device, or the ability to run code on the target system. Windows 7 will also receive security patches, despite falling out of support in 2020. Microsoft says users running Windows 11 and earlier, and Windows Server 2008 and Windows Server 2012, are affected. The bug allows an attacker to obtain the highest level of access, known as system privileges, to a vulnerable device. The zero-day bug, tracked as CVE-2022-37969, is described as an elevation of privilege flaw in the Windows Common Log File System Driver, a subsystem used for data and event logging. Microsoft has released security fixes for a zero-day vulnerability affecting all supported versions of Windows that has been exploited in real-world attacks.
0 kommentar(er)
