Description
Microsoft addressed a security hole in the Windows Print Spooler component in February, but it is still being actively abused in the wild.
Summary
Dubbed PrintNightmare, CVE-2022-22718 is among four privilege escalation flaws in the print spooler that Microsoft resolved as part of its patch Tuesday updates on February 8, 2022.
How it works
The only information Microsoft provided regarding this security issue was that it can be exploited locally by threat actors in low-complexity attacks without requiring user input. The nature of the attacks and the identification of the threat actors who may be abusing the Print Spooler flaw are being kept under wraps, partially to prevent future exploitation by hacker teams.
Remediation
This Vulnerability was fixed in the February Patch Tuesday updates rolled out by Microsoft. It is advised to ensure that all devices are updated with the most recent patches.
The Guyana National CIRT recommends that users and administrations review this alert and apply it where necessary.
PDF Download: Windows Print Spooler Vulnerability.pdf
References
Lakshmanan, Ravie. (19th April 2022). Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild. Retrieved from The Hacker news. https://thehackernews.com/2022/04/hackers-exploiting-recently-reported.html
Gatlan, Sergiu. (19th April 2022). CISA warns of attackers now exploiting Windows Print Spooler bug. Retrieved from Bleeping Computer. https://www.bleepingcomputer.com/news/security/cisa-warns-of-attackers-now-exploiting-windows-print-spooler-bug/