Microsoft has fixed a zero-day vulnerability that affects all supported versions of Windows and has been used in actual attacks.
The flaw, tracked as CVE-2022-37969 and classified as an elevation-of-privilege vulnerability, lies in the Windows Common Log File System (CLFS) driver, a component used for data and event logging. Successful exploitation gives an attacker SYSTEM privileges, which amounts to complete control of the vulnerable device.
Users of Windows 11 and older releases, as well as Windows Server 2008 and Windows Server 2012, are reportedly affected. Windows 7, which stopped receiving security updates in 2020, will reportedly still get a fix.
The company also notes that this bug does not pose a significant risk to most users, as it does not affect the latest versions of Windows 10, Windows 8.1, or Windows 7. It is also important to note that this is not a software bug in the traditional sense. Instead, it is a design decision in how the Windows Task Scheduler operates. As such, the company notes that this bug is unlikely to be fixed.
“Bugs of this nature are typically wrapped into some form of social engineering assault, such as enticing somebody to open a folder or select a link,” says Dustin Childs, director of threat intelligence at the Zero Day Initiative (ZDI). Once the victim does so, the attacker's code runs with elevated privileges and takes control of the system.
The vulnerability is in Windows' Remote Procedure Call (RPC) function. Remote Procedure Calls allow one application to request a service from another, a common mechanism for communication between different programs.
The vulnerability allows an attacker to execute malicious code on a Windows computer remotely. Windows users are advised to update their system as soon as the patch is available.
Essentially, the flaw enables an attacker to bypass authentication on the device and access pfSense settings. The exploit is a physical one that requires an attacker to have physical access to an unpatched pfSense device. This could enable an attacker to cause significant damage or steal data, though it’s worth noting that pfSense devices are primarily used in enterprise environments.
Microsoft did not respond to our request for comment and did not provide any information about the attacks that used this vulnerability.
The patches were released as part of Microsoft’s monthly security patch release, known as Patch Tuesday, which addresses 63 vulnerabilities in various Microsoft products, including Microsoft Edge, Office, and Windows Defender.
Like Spectre v2, Spectre-BHB abuses speculative execution in CPUs. Microsoft says that most of its customers won't receive the Spectre-BHB patch, although it will be made available to enterprises that need it.
The company recommends upgrading to Windows 10 version 1809 or installing the latest updates to receive the Spectre v2 protection. Those on older operating systems can take additional steps to mitigate the risk.
In addition to the Spectre-BHB vulnerability, Microsoft is releasing a Spectre v2 patch for Windows 7, 8, and 8.1.
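The article advises updating as soon as the patch is available and mentions additional mitigation steps for Spectre v2 on older systems. The following PowerShell script is an added example, not code from the article or from Microsoft, showing the kind of inventory check an administrator might run on a Windows host after this Patch Tuesday. It assumes a placeholder value for the patched clfs.sys build (the real number comes from Microsoft's advisory for CVE-2022-37969 and is not on this page), uses the Windows 10 version 1809 build number (17763) as the baseline the article recommends, and reads the FeatureSettingsOverride registry values that Microsoft's Spectre guidance uses to enable or disable the mitigations on older systems.

```powershell
# Added example: post-Patch-Tuesday checks for CVE-2022-37969 (CLFS) and Spectre v2 state.
# Not the article's or Microsoft's code; run in an elevated PowerShell session.

# PLACEHOLDER: replace with the file version of clfs.sys shipped in the fix for CVE-2022-37969
# for this OS build, taken from Microsoft's advisory (the article does not state it).
$PatchedClfsVersion = [version]'0.0.0.0'

function Get-ClfsDriverVersion {
    $vi = (Get-Item "$env:SystemRoot\System32\drivers\clfs.sys").VersionInfo
    # Build a comparable [version] from the numeric parts; the FileVersion string
    # often carries a trailing build tag that would not parse.
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Test-OsAtLeast1809 {
    # Windows 10 version 1809 is build 17763; later releases (and Windows 11) are higher.
    [System.Environment]::OSVersion.Version.Build -ge 17763
}

function Get-SpectreOverrideSettings {
    # Registry values documented in Microsoft's speculative-execution guidance.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FeatureSettingsOverride     = $p.FeatureSettingsOverride      # $null when unset (OS default)
        FeatureSettingsOverrideMask = $p.FeatureSettingsOverrideMask
    }
}

$clfs = Get-ClfsDriverVersion
Write-Host "clfs.sys version: $clfs"
if ($PatchedClfsVersion -eq [version]'0.0.0.0') {
    Write-Host "Set `$PatchedClfsVersion from the advisory before trusting the CLFS result."
} elseif ($clfs -ge $PatchedClfsVersion) {
    Write-Host "CLFS driver is at or above the patched version."
} else {
    Write-Host "CLFS driver is older than the patched version: install the update."
}

Write-Host ("OS build {0}; at or above 1809: {1}" -f [System.Environment]::OSVersion.Version.Build, (Test-OsAtLeast1809))

# Most recent updates applied, useful when correlating with the Patch Tuesday release.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn

$spectre = Get-SpectreOverrideSettings
Write-Host ("Spectre override: value={0} mask={1}" -f $spectre.FeatureSettingsOverride, $spectre.FeatureSettingsOverrideMask)
```

The script only reports the registry values rather than interpreting them, because the bit meanings depend on the CPU and on which mitigations Microsoft has shipped for that OS build; compare the output against Microsoft's guidance for the specific host. The CLFS comparison is a file-version check, not a proof of non-exploitability: a host whose driver is current may still have been compromised before the update was applied.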