Cyber Resilience

CVE-2022-37969

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 13 September 2022
Modified: 12 January 2026
KEV Added: 14 September 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1279 (94.2th percentile)
Risk Priority: 43 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-37969 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 5.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2022-37969 is an elevation-of-privilege vulnerability in the Windows Common Log File System Driver. The flaw is an out-of-bounds write (CWE-787) that receives a CVSS 3.1 score of 7.8 and affects supported Windows releases that include the driver component.

A local attacker with low privileges can exploit the issue without user interaction to obtain full administrative control over the affected system, resulting in complete compromise of confidentiality, integrity, and availability.

Microsoft’s security update guide supplies patches that address the driver flaw; the vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming that in-the-wild exploitation has been observed and that organizations should prioritize remediation.

EPSS scores have reached a peak of 0.1488 with a current value of 0.1279, indicating sustained but not sharply escalating public interest in exploitation since disclosure.

Vulnerability details

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CWE(s): CWE-787
KEV Date Added: 14 September 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft windows 10 1507: ≤ 10.0.10240.19444
microsoft windows 10 1607: ≤ 10.0.14393.5356
microsoft windows 10 1809: ≤ 10.0.17763.3406
microsoft windows 10 20h2: ≤ 10.0.19042.2006
microsoft windows 10 21h1: ≤ 10.0.19043.2006
microsoft windows 10 21h2: ≤ 10.0.19044.2006
microsoft windows 11 21h2: ≤ 10.0.22000.978
microsoft windows 7: all versions
microsoft windows 8.1: all versions
microsoft windows rt 8.1: all versions
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires timely installation of the vendor patches Microsoft released for CVE-2022-37969.

prevent: Enforces least-privilege accounts so fewer low-privileged users can reach the vulnerable CLFS driver.

prevent: Implements memory-protection mechanisms that can block the out-of-bounds write (CWE-787) exploited by this flaw.
