Microsoft has released its monthly batch of security updates to address more than 60 security vulnerabilities in a wide range of its software products, including a zero-day flaw actively exploited in hacker attacks.
Tracked as CVE-2022-37969, the zero-day bug has been described as a privilege escalation flaw affecting the Windows Common Log File System (CLFS) Driver, which could be used by a local attacker to execute arbitrary code with SYSTEM privileges. The flaw affects Windows versions starting from Windows 7 through 11 21H2, and Windows Server 2012 - 2022 20H2.
Other security issues of note fixed with the release of the September 2022 Patch Tuesday updates include high-risk vulnerabilities impacting Microsoft ODBC Driver, Microsoft OLE DB Provider for SQL Server, Windows IKE Extension, Windows TCP/IP, Dynamics CRM, Microsoft .NET Framework, Office Visio, PowerPoint, Windows Secure Channel, Windows Kerberos, LDAP, Remote Procedure Call Runtime, Windows Fax Service, AV1 Video Extension, and other software.