CVE-2022-37969
Published: 13 September 2022
Summary
CVE-2022-37969 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 5.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2022-37969 is an elevation-of-privilege vulnerability in the Windows Common Log File System Driver. The flaw is an out-of-bounds write (CWE-787) that receives a CVSS 3.1 score of 7.8 and affects supported Windows releases that include the driver component.
A local attacker with low privileges can exploit the issue without user interaction to obtain full administrative control over the affected system, resulting in complete compromise of confidentiality, integrity, and availability.
Microsoft’s security update guide supplies patches that address the driver flaw; the vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming that in-the-wild exploitation has been observed and that organizations should prioritize remediation.
EPSS scores have reached a peak of 0.1488 with a current value of 0.1279, indicating sustained but not sharply escalating public interest in exploitation since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-40576
Vulnerability details
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CWE(s): CWE-787 (Out-of-bounds Write)
- KEV Date Added: 14 September 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of the vendor patches Microsoft released for CVE-2022-37969.
Enforces least-privilege accounts so fewer low-privileged users can reach the vulnerable CLFS driver.
Implements memory-protection mechanisms that can block the out-of-bounds write (CWE-787) exploited by this flaw.