September’s Patch Tuesday is upon us, giving Microsoft the opportunity to fix, among other things, two zero-day vulnerabilities being actively exploited in the wild.
As per the company’s security advisory, the two flaws are tracked as CVE-2022-37969, and CVE-2022-23960. The former is a Windows Common Log File System Driver Elevation of Privilege Vulnerability, and it allows for remote code execution. It holds a severity score of 7.8.