CVE Radar

CVE-2022-37969

Critical Severity | Microsoft
SVRS: 88
CVSSv3: 7.8
EPSS: 0.28483
Tags: In The Wild, Exploit Available, CISA KEV
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Publication date: 2022-09-13
Last modified: 2026-01-12

Security Intelligence Brief

What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2022-37969, is an Elevation of Privilege flaw affecting the Windows Common Log File System Driver. It matters significantly because an attacker can exploit it to gain higher privileges on a compromised system, potentially achieving full system control. The high CVSS score of 7.8 and the fact that active exploits have been published highlight its critical nature and immediate threat to affected systems.
What are the CVSS score, severity level, and disclosure details?
  • CVSS Score: 7.8
  • Severity Level: High
  • Disclosure Details:
    • Published: 2022-09-13 18:42:12 UTC
    • Modified: 2026-01-12 20:56:32 UTC
Which products, vendors, systems, and versions are affected?
  • Vendor: Microsoft
  • Products: Microsoft Windows operating systems
  • Systems: Systems running the affected versions of the Windows Common Log File System Driver.
  • Versions: Specific affected versions of Microsoft Windows are not detailed in the provided CVE data.
What is the technical root cause and attack vector?
The technical root cause of CVE-2022-37969 is categorized as CWE-787, an Out-of-bounds Write vulnerability. This type of flaw occurs when a program attempts to write data beyond the allocated buffer, potentially corrupting adjacent memory or overwriting critical control structures. The attack vector involves exploiting this memory corruption within the Windows Common Log File System Driver, allowing an attacker with initial low-level access to elevate their privileges to a higher level, such as SYSTEM or administrator.
How can this vulnerability be exploited?
This vulnerability can be exploited by an attacker who has already gained some level of access to an affected Windows system. By leveraging the Out-of-bounds Write flaw in the Common Log File System Driver, the attacker can manipulate memory to achieve arbitrary code execution or overwrite data structures that control system privileges. This leads to an Elevation of Privilege, allowing the attacker to gain elevated permissions beyond their initial access. Active exploits for this vulnerability have been published, indicating that the methods for exploitation are known and being used by malicious actors.
What public intelligence references and advisories exist?
The primary public intelligence reference is the CVE identifier itself: CVE-2022-37969. As this is a vulnerability affecting Microsoft Windows, an official security advisory from Microsoft would also exist, providing detailed information, affected products, and mitigation recommendations.
What is the risk assessment and urgency level?
The risk assessment for CVE-2022-37969 is high. This is primarily due to its CVSS score of 7.8 and its nature as an Elevation of Privilege vulnerability, which can allow an attacker to gain full control over an affected system. The urgency level is critical because active exploits have been published to leverage this vulnerability. This means that malicious actors are already actively targeting and exploiting this flaw in the wild, posing an immediate and severe threat to any unpatched systems. Organizations should prioritize patching this vulnerability immediately.

Type | Indicator | Date
IP | 116.55.229.234 | 2020-08-26

Title | Software Link | Date
uname1able/CVE-2022-37969 | https://github.com/uname1able/CVE-2022-37969 | 2026-02-20
EmilC3978/CVE-2022-37969PoC | https://github.com/EmilC3978/CVE-2022-37969PoC | 2025-11-25
fortra/CVE-2022-37969 | https://github.com/fortra/CVE-2022-37969 | 2023-03-09
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | https://www.cisa.gov/search?g=CVE-2022-37969 | 2022-09-14
Windows Common Log File System Driv... | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969 | 2022-09-13
Ostorlab/KEV | https://github.com/Ostorlab/KEV | 2022-04-19
Ostorlab/known_exploited_vulnerbilities_detectors | https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors | 2022-04-19

PoC Released for Windows Vulnerability That Allows Attackers to Cause Unrecoverable BSOD Crashes - CybersecurityNews
Date: 2026-02-26
News Content: A proof-of-concept (PoC) exploit has been publicly released for CVE-2026-2636, a newly documented vulnerability in Windows’ Common Log File System (CLFS) driver that allows any low-privileged, unprivileged user to instantly crash a target system into an unrecoverable Blue Screen of Death (BSoD). The vulnerability was discovered by Ricardo Narvaja of Fortra during CLFS-focused vulnerability research and has been classified as a Denial-of-Service (DoS) flaw with a CVSS base score of 5.5. The vulnerability stems from improper
Tags: cve-2022-37969, cve-2026-2636, cve-2024-6768, cve-2025-29824

PoC Released for Windows Vulnerability That Allows Attackers to Cause Unrecoverable BSOD Crashes
Guru Baran | 2026-02-26
A proof-of-concept (PoC) exploit has been publicly released for CVE-2026-2636, a newly documented vulnerability in Windows’ Common Log File System (CLFS) driver that allows any low-privileged, unprivileged user to instantly crash a target system into an unrecoverable Blue Screen of Death (BSoD). The vulnerability was discovered by Ricardo Narvaja of Fortra during CLFS-focused vulnerability research and […] The post PoC Released for Windows Vulnerability That
Tags: cybersecuritynews.com, rss, forum, news

GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs - GreyNoise
Date: 2025-02-26
News Content: Key Takeaways: GreyNoise has detected active exploitation of 23 of the 62 CVEs mentioned in Black Basta’s leaked chat logs, including vulnerabilities affecting enterprise software, security appliances, and widely used web applications. CVE-2023-6875 is being exploited despite not being listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, reinforcing the need for real-time intelligence beyond static lists. Some of these CVEs have been actively exploited in just the past 24 hours, including critical flaws in Palo Alto PAN-OS, JetBrains TeamCity, Microsoft
Tags: rss, google.com, forum, news

Configuration 1
Type | Vendor | Product
OS | Microsoft | windows_10_1507
OS | Microsoft | windows_10_1607
OS | Microsoft | windows_10_1809
OS | Microsoft | windows_10_20h2
OS | Microsoft | windows_10_21h1
OS | Microsoft | windows_10_21h2
OS | Microsoft | windows_11_21h2
OS | Microsoft | windows_11
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_10
OS | Microsoft | windows_7
OS | Microsoft | windows_8.1
OS | Microsoft | windows_rt_8.1
OS | Microsoft | windows_server_2008
OS | Microsoft | windows_server_2012
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_server_2019

Reference | Link
AF854A3A-2127-422B-91AE-364DA2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969
WINDOWS COMMON LOG FILE SYSTEM DRIVER ELEVATION OF PRIVILEGE VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969
MITRE | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969
MISC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969
INTHEWILD | https://nvd.nist.gov/vuln/detail/CVE-2022-37969
INTHEWILD | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969
INTHEWILD | https://www.cisa.gov/known-exploited-vulnerabilities-catalog
MISC | https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0039/MNDT-2022-0039.md
MISC | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969

CWE ID | CWE Name | Description
CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer.
