Microsoft issued a patch for a zero-day flaw actively exploited in the wild in its latest Patch Tuesday dump of security fixes. The update to the world’s most ubiquitous operating system includes 63 other patches, among them a fix for another zero-day.
The actively exploited zero-day, tracked as CVE-2022-37969, allows attackers to execute code with elevated privileges and gain access to affected systems. Hackers typically look for ways to gain elevated access to computing resources, making the bug potentially a serious one despite its CVSS score of 7.8.
Exploitation of the vulnerability requires an attacker to already have gained access to the system. “Bugs of this nature are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link,” says Dustin Childs, a security analyst at Zero Day Initiative, a software vulnerability initiative run by cybersecurity firm Trend Micro.