The US Cybersecurity and Infrastructure Security Agency (CISA) says a recently patched Windows Print Spooler vulnerability has been exploited in attacks.
The security hole, tracked as CVE-2022-22718, was fixed by Microsoft with its February 2022 Patch Tuesday updates. It was one of the four Print Spooler issues addressed at the time.
According to Microsoft, CVE-2022-22718 can be exploited by a local attacker to escalate privileges, without the need for any user interaction.
CISA on Tuesday added the vulnerability to its Known Exploited Vulnerabilities Catalog, which currently tracks nearly 650 exploited flaws. Federal agencies have been given until May 10 to address this security hole, but CISA advises all organizations to prioritize the patching of the vulnerabilities included in this catalog, referred to by some as a “Must Patch” list.
No information has been shared by CISA about the attacks exploiting the vulnerability and there do not appear to be any public reports describing exploitation of the flaw. Microsoft’s advisory currently says the security hole has not been exploited in attacks, but the tech giant did assign it an “exploitation more likely” rating in February.
CISA told SecurityWeek in the past that it does have evidence of exploitation for every vulnerability it adds to its catalog, even if there are no public reports of exploitation, suggesting that the agency is relying on privately obtained information as well.
CISA and the FBI recently warned organizations that Russian state-sponsored threat actors had been gaining access to networks and systems by exploiting default multi-factor authentication protocols and a different Windows Print Spooler vulnerability known as CVE-2021-34527 and PrintNightmare, whose existence came to light in the summer of 2021.
Related: CISA Says ‘HiveNightmare’ Windows Vulnerability Exploited in Attacks
Related: Defcon Talk Prompts New Windows Print Spooler Flaw Warning
Related: CISA Urges Organizations to Patch Exploited Windows Vulnerability
Related: CISA Issues Emergency Directive to Address ‘PrintNightmare’ Vulnerability