Microsoft said on Tuesday that its security experts have discovered zero-day exploits of a key flaw in its flagship Windows platform.
Microsoft provided a patch for the most recent zero-day vulnerability in the September Patch Tuesday releases and cautioned that attackers are already abusing the vulnerability to acquire SYSTEM rights on fully patched Windows machines. Microsoft issued a bulletin recognizing the existence of the flaw in Windows Common Log File System (CLFS), a data and event recording subsystem.
The vulnerability, identified as CVE-2022-37969, was reported to Microsoft by four separate entities, indicating that it was exploited in a chain of events tied to restricted, focused assaults. The updates address at least 64 new vulnerabilities in a variety of Windows and operating system components.
Read More: Microsoft Raises Alert for Under-Attack Windows Flaw