CVE-2022-37956 Windows Kernel Elevation of Privilege Vulnerability

This vulnerability is critical in virtualization and cloud environments where guests have access to the host file system. Virtualization and cloud administrators should be aware of hosting file systems with elevated privileges and be cautious of the access a guest operating system may have to the physical host. Avoid placing a host file system with elevated privileges in a virtual environment or cloud service where guests may have access to the host file system. RE CVE-2022-37957, RE CVE-2022-37964. This vulnerability is being actively exploited. It is critical that users update their systems as soon as possible.

What is VMware Virtualization?

VMware is a computer software company that develops and sells virtualization software, as well as related services. VMware is headquartered in Palo Alto, California.

Vulnerability Description

This vulnerability affects all operating systems. This vulnerability allows a guest operating system to gain elevated privileges on the host file system through a race condition in which the guest OS does not properly validate user input before using it to change a file's permissions. This vulnerability is being actively exploited and is particularly dangerous for management servers that may use SMB.

Vulnerability Information

The vulnerability CVE-2022-37956 allows for local access to the host file system and has been actively exploited. This is a critical flaw in virtualization and cloud environments where guests have access to the host file system.
This vulnerability is being actively exploited. It is critical that users update their systems as soon as possible.

Summary of Vulnerability

An industry-critical vulnerability has been found in the host file system. This vulnerability is critical in virtualization and cloud environments where guests have access to the host file system. It is critical that users update their systems as soon as possible.
The following variants of this vulnerability have been publicly identified:
CVE-2022-37956 - Microsoft Windows hosts running with privilege elevation
CVE-2022-37957 - Microsoft Windows hosts running without privilege elevation
CVE-2022-37964 - Microsoft Windows guests with privilege elevation
This vulnerability is being actively exploited. It is important that users update their systems as soon as possible.

Summary of Vulnerable Output

This vulnerability is critical in virtualization and cloud environments where guests have access to the host file system. Virtualization and cloud administrators should be aware of hosting file systems with elevated privileges and be cautious of the access a guest operating system may have to the physical host.
Virtualization and cloud administrators should avoid placing a host file system with elevated privileges in a virtual environment or cloud service where guests may have access to the host file system.

Timeline

Published on: 09/13/2022 19:15:00 UTC
Last modified on: 09/16/2022 17:54:00 UTC

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37956
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37956