CVE-2022-37998

CVSS 3.1 Score 7.7 of 10 (high)

Details

Published Oct 11, 2022

Updated: Jan 2, 2025

Summary

CVE-2022-37998 is a newly disclosed vulnerability affecting the Windows Local Session Manager (LSM). This issue permits an attacker to cause a Denial of Service condition on targeted systems by manipulating a specific LSM functionality. By exploiting this vulnerability, an attacker can prevent legitimate users from accessing their sessions, causing significant disruption to business operations. The exact cause of the vulnerability lies in the way LSM handles certain requests, enabling an attacker to consume excessive system resources. Microsoft is aware of the issue and has released a patch to address it. System administrators are strongly advised to apply the patch as soon as possible to protect their networks from potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Microsoft Windows 10
Windows Server 2022
Microsoft Windows 11

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners