CVE-2022-37998: 
vulnerability analysis and mitigation

Windows Local Session Manager (LSM) Denial of Service Vulnerability (CVE-2022-37998) was identified and disclosed on October 11, 2022. This vulnerability affects multiple versions of Microsoft Windows including Windows 10 (20H2, 21H1, 21H2), Windows 11 (including ARM64 and x64 versions), and Windows Server 2022. The vulnerability is unique from CVE-2022-37973 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.7 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, and no user interaction, with potential for high availability impact (Rapid7).

The vulnerability primarily affects system availability through a denial of service condition in the Windows Local Session Manager (LSM). When successfully exploited, it could allow an attacker to cause system disruption, specifically targeting the availability of the affected Windows systems (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5018410 for Windows 10, KB5018418 for Windows 11 21H2, KB5018427 for Windows 11 22H2, and KB5018421 for Windows Server 2022 (Rapid7).