The US Cybersecurity and Infrastructure Security Agency (CISA) says a recently patched Windows Print Spooler vulnerability has been exploited in attacks.
The security hole, tracked as CVE-2022-22718, was fixed by Microsoft with its February 2022 Patch Tuesday updates. It was one of the four Print Spooler issues addressed at the time.
According to Microsoft, CVE-2022-22718 can be exploited by a local attacker to escalate privileges, without the need for any user interaction.
CISA on Tuesday added the vulnerability to its Known Exploited Vulnerabilities Catalog, which currently tracks nearly 650 exploited flaws. Federal agencies have been given until May 10 to address this security hole, but CISA advises all organizations to prioritize the patching of the vulnerabilities included in this catalog, referred to by some as a “Must Patch” list.
No information has been shared by CISA about the attacks exploiting the vulnerability and there do not appear to be any public reports describing exploitation of the flaw. Microsoft’s advisory currently says the security hole has not been exploited in attacks, but the tech giant did assign it an “exploitation more likely” rating in February.
CISA told SecurityWeek in the past that it does have evidence of exploitation for every vulnerability it adds to its catalog, even if there are no public reports of exploitation, suggesting that the agency is relying on privately obtained information as well.
CISA and the FBI recently warned organizations that Russian state-sponsored threat actors had been gaining access to networks and systems by exploiting default multi-factor authentication protocols and a different Windows Print Spooler vulnerability known as CVE-2021-34527 and PrintNightmare, whose existence came to light in the summer of 2021.
Related: CISA Says ‘HiveNightmare’ Windows Vulnerability Exploited in Attacks
Related: Defcon Talk Prompts New Windows Print Spooler Flaw Warning
Related: CISA Urges Organizations to Patch Exploited Windows Vulnerability
Related: CISA Issues Emergency Directive to Address ‘PrintNightmare’ Vulnerability
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
