Home Security Researchers Reveal Element for Home windows Zero-Day Vulnerability Patched Final Month

Researchers Reveal Element for Home windows Zero-Day Vulnerability Patched Final Month

by crpt os


Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines.

Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild.

“An attacker must already have access and the ability to run code on the target system,” the company noted in its advisory. “This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.”

It also credited researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the vulnerability without delving into additional specifics surrounding the nature of the attacks.

CyberSecurity

Now, the Zscaler ThreatLabz researcher team has disclosed that it captured an in-the-wild exploit for the then zero-day on September 2, 2022.

“The cause of the vulnerability is due to the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys,” the cybersecurity firm said in a root cause analysis shared with The Hacker News.

“If the field cbSymbolZone is set to an invalid offset, an out-of-bounds write will occur at the invalid offset.”

Windows Zero-Day Vulnerability

CLFS is a general-purpose logging service that can be used by software applications running in both user-mode or kernel-mode to record data as well as events and optimize log access.

Some of the use cases associated with CLFS include online transaction processing (OLTP), network events logging, compliance audits, and threat analysis.

According to Zscaler, the vulnerability is rooted in a metadata block called base record that’s present in a base log file, which is generated when a log file is created using the CreateLogFile() function.

CyberSecurity

“[Base record] contains the symbol tables that store information on the various client, container and security contexts associated with the Base Log File, as well as accounting information on these,” according to Alex Ionescu, chief architect at Crowdstrike.

As a result, a successful exploitation of CVE-2022-37969 via a specially crafted base log file could lead to memory corruption, and by extension, induce a system crash (aka blue screen of death or BSoD) in a reliable manner.

That said, a system crash is just one of the outcomes that arises out of leveraging the vulnerability, for it could also be weaponized to achieve privilege escalation.

Zscaler has further made available proof-of-concept (PoC) instructions to trigger the security hole, making it essential that users of Windows upgrade to the latest version to mitigate potential threats.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex