Hackers Exploit Recent Windows Print Spooler Vulnerability


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw in Microsoft's Windows Print Spooler component has been actively exploited in the wild since its patching in February.

An additional flaw is now included in CISA's Known Exploited Vulnerabilities Catalog, which requires all Federal Civilian Executive Branch (FCEB) agencies to fix the issues by May 10, 2022.

Microsoft patched four privilege escalation flaws in the Print Spooler as part of its Patch Tuesday updates on February 8, 2022, one of which was identified as CVE-2022-22718 (CVSS score: 7.8).

It is worth noting that Microsoft has fixed numerous Print Spooler flaws since last year's critical PrintNightmare remote code execution vulnerability, including 15 elevation-of-privilege flaws as recently as April 2022.

As a precautionary measure against further exploitation, we're not revealing any further information about these attacks or the threat actors who may be taking advantage of the Print Spooler flaw. When the fixes were rolled out two months ago, Microsoft assigned the flaw the label "exploitation more likely".

Two more security flaws have been added to the list as well, based on "evidence of active exploitation".

  1. CVE-2018-6882 (CVSS score: 6.1) - Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
  2. CVE-2019-3568 (CVSS score: 9.8) - WhatsApp VOIP Stack Buffer Overflow Vulnerability

According to the Computer Emergency Response Team of Ukraine (CERT-UA), phishing attacks aimed at government entities may use the Zimbra vulnerability to send victims' emails to a third-party email address. The announcement of CVE-2018-6882 follows closely on the heels of that advisory.

The targeted intrusions were traced back to a threat cluster known as UAC-0097, according to CERT-UA.

Organizations are advised to "prioritize timely remediation of [vulnerabilities] as part of their vulnerability management practice" in light of real-world attacks weaponizing the vulnerabilities.

