CVE-2022-37969 | ByteOS Network

Vulnerability Details :

CVE-2022-37969

Assigner-microsoft

Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8

Published At-13 Sep, 2022 | 18:42

Updated At-30 Jul, 2025 | 01:37

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Known Exploited Vulnerabilities (KEV)

Vendor:

Microsoft Corporation

Product:Windows

Added At:14 Sep, 2022

Due At:05 Oct, 2022

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Used in Ransomware

:

Unknown

CWE

:

Required Action:

Apply updates per vendor instructions.

Additional Notes:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969; https://nvd.nist.gov/vuln/detail/CVE-2022-37969

▼Common Vulnerabilities and Exposures (CVE)

Assigner:microsoft

Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8

Published At:13 Sep, 2022 | 18:42

Updated At:30 Jul, 2025 | 01:37

▼CVE Numbering Authority (CNA)

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Affected Products

Vendor

Microsoft Corporation

Product

Windows 10 Version 1809

Platforms

32-bit Systems
x64-based Systems

Versions

Affected

From 10.0.17763.0 before 10.0.17763.3406 (custom)

Vendor

Microsoft Corporation

Product

Windows 10 Version 1809

Platforms

ARM64-based Systems

Versions

Affected

From 10.0.0 before 10.0.17763.3406 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2019

Platforms

x64-based Systems

Versions

Affected

From 10.0.17763.0 before 10.0.17763.3406 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2019 (Server Core installation)

Platforms

x64-based Systems

Versions

Affected

From 10.0.17763.0 before 10.0.17763.3406 (custom)

Vendor

Microsoft Corporation

Product

Windows 10 Version 21H1

Platforms

x64-based Systems
ARM64-based Systems
32-bit Systems

Versions

Affected

From 10.0.0 before 10.0.19043.2006 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2022

Platforms

x64-based Systems

Versions

Affected

From 10.0.20348.0 before 10.0.20348.1006 (custom)

Vendor

Microsoft Corporation

Product

Windows 10 Version 20H2

Platforms

32-bit Systems
ARM64-based Systems

Versions

Affected

From 10.0.0 before 10.0.19042.2006 (custom)

Vendor

Microsoft Corporation

Product

Windows 11 version 21H2

Platforms

x64-based Systems
ARM64-based Systems

Versions

Affected

From 10.0.0 before 10.0.22000.978 (custom)

Vendor

Microsoft Corporation

Product

Windows 10 Version 21H2

Platforms

32-bit Systems
ARM64-based Systems
x64-based Systems

Versions

Affected

From 10.0.19043.0 before 10.0.19044.2006 (custom)

Vendor

Microsoft Corporation

Product

Windows 10 Version 1507

Platforms

32-bit Systems
x64-based Systems

Versions

Affected

From 10.0.10240.0 before 10.0.10240.19444 (custom)

Vendor

Microsoft Corporation

Product

Windows 10 Version 1607

Platforms

32-bit Systems
x64-based Systems

Versions

Affected

From 10.0.14393.0 before 10.0.14393.5356 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2016

Platforms

x64-based Systems

Versions

Affected

From 10.0.14393.0 before 10.0.14393.5356 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2016 (Server Core installation)

Platforms

x64-based Systems

Versions

Affected

From 10.0.14393.0 before 10.0.14393.5356 (custom)

Vendor

Microsoft Corporation

Product

Platforms

32-bit Systems

Versions

Affected

From 6.1.0 before 6.1.7601.26115 (custom)

Vendor

Microsoft Corporation

Product

Windows 7 Service Pack 1

Platforms

x64-based Systems

Versions

Affected

From 6.1.0 before 6.1.7601.26115 (custom)

Vendor

Microsoft Corporation

Product

Platforms

32-bit Systems
x64-based Systems
ARM64-based Systems

Versions

Affected

From 6.3.0 before 6.3.9600.20571 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2008 Service Pack 2

Platforms

32-bit Systems

Versions

Affected

From 6.0.6003.0 before 6.0.6003.21666 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2008 Service Pack 2 (Server Core installation)

Platforms

32-bit Systems
x64-based Systems

Versions

Affected

From 6.0.6003.0 before 6.0.6003.21666 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2008 Service Pack 2

Platforms

x64-based Systems

Versions

Affected

From 6.0.6003.0 before 6.0.6003.21666 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2008 R2 Service Pack 1

Platforms

x64-based Systems

Versions

Affected

From 6.1.7601.0 before 6.1.7601.26115 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2008 R2 Service Pack 1 (Server Core installation)

Platforms

x64-based Systems

Versions

Affected

From 6.1.7601.0 before 6.1.7601.26115 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2012

Platforms

x64-based Systems

Versions

Affected

From 6.2.9200.0 before 6.2.9200.23865 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2012 (Server Core installation)

Platforms

x64-based Systems

Versions

Affected

From 6.2.9200.0 before 6.2.9200.23865 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2012 R2

Platforms

x64-based Systems

Versions

Affected

From 6.3.9600.0 before 6.3.9600.20571 (custom)

Vendor

Microsoft Corporation

Product

Windows Server 2012 R2 (Server Core installation)

Platforms

x64-based Systems

Versions

Affected

From 6.3.9600.0 before 6.3.9600.20571 (custom)

Problem Types

Type	CWE ID	Description
Impact	N/A	Elevation of Privilege

Type: Impact

CWE ID: N/A

Description: Elevation of Privilege

Metrics

Version	Base score	Base severity	Vector
3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

References

Hyperlink	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969	vendor-advisory

Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

kev

dateAdded:

2022-09-14

reference:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-37969

Timeline

Event	Date
CVE-2022-37969 added to CISA KEV	2022-09-14 00:00:00

Event: CVE-2022-37969 added to CISA KEV

Date: 2022-09-14 00:00:00

2. CVE Program Container

References

Hyperlink	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969	vendor-advisory x_transferred

Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969

Resource:

vendor-advisory

x_transferred

▼National Vulnerability Database (NVD)

Source:secure@microsoft.com

Published At:13 Sep, 2022 | 19:15

Updated At:18 Feb, 2025 | 15:05

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2022-09-14	2022-10-05	Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability	Apply updates per vendor instructions.

Date Added: 2022-09-14

Due Date: 2022-10-05

Vulnerability Name: Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Required Action: Apply updates per vendor instructions.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Microsoft Corporation

>>windows_10_1507>>Versions before 10.0.10240.19444(exclusive)

cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_1607>>Versions before 10.0.14393.5356(exclusive)

cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_1809>>Versions before 10.0.17763.3406(exclusive)

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_20h2>>Versions before 10.0.19042.2006(exclusive)

cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_21h1>>Versions before 10.0.19043.2006(exclusive)

cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_21h2>>Versions before 10.0.19044.2006(exclusive)

cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_11_21h2>>Versions before 10.0.22000.978(exclusive)

cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>-

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt_8.1>>-

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Microsoft Corporation

>>windows_server_2012>>-

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>r2

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>Versions before 10.0.14393.5356(exclusive)

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2019>>Versions before 10.0.17763.3406(exclusive)

cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2022>>Versions before 10.0.20348.1006(exclusive)

cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969	secure@microsoft.com	Patch Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory

Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969

Source: secure@microsoft.com

Resource:

Patch

Vendor Advisory

Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory