A few days ago, Microsoft posted new updates for its products, and even Windows 7 is entitled to its patch to fix a zero-day security flaw associated with the reference CVE-2022-37969.
Support for Windows 7 ended on January 14, 2020, yet Microsoft made an exception to that rule by releasing a publicly available patch for the zero-day security flaw. CVE-2022-37969. This update is also available for Windows Server 2008 R2.
The download is made through the Microsoft Update catalog in order to obtain the MSU installation package. For integration in a WSUS server, the procedure is different (see my course on this subject).
Within the September 2022 Patch Tuesday, Microsoft fixed 63 vulnerabilities as well as two zero-day flaws, including this one. The Redmond firm indicates that this vulnerability affects all versions of Windows and Windows Server, and that it is exploited in the context of cyberattacks.
The vulnerability CVE-2022-37969 is located in Windows Common Log File System Driver. To exploit it, an attacker must have local access on the machine and this will allow him to obtain SYSTEM privileges on the local machine, in the event that he manages to exploit the vulnerability. The discovery of this vulnerability is credited to researchers at DBAPPSecurity, Mandiant, CrowdStrike, and Zscaler.
Online course on WSUS
Since we are talking about updates, I take this opportunity to remind you, once again, that the new course entitled “WSUS – Enterprise Update Management” is online! It is freely available on the site. In addition, it is available au format eBook (6,99 euros) for those who prefer this format (this is an opportunity to support IT-Connect!).
Logiciel – OS,Sécurité,Microsoft,Mise à jour,Windows 7,