CISA warns of attackers now exploiting Windows Print Spooler bug


The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security vulnerabilities to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler.

This very serious vulnerability (tracked as CVE-2022-22718) affects all versions of Windows, according to Microsoft’s advisory, and was fixed during the February 2022 Patch Tuesday.

The only information Microsoft has shared about this security flaw is that threat actors can exploit it locally in low-complexity attacks without user intervention.

Redmond has patched several other Windows Print Spooler bugs over the past 12 months, including the critical remote code execution vulnerability in PrintNightmare.

After technical details and a proof-of-concept (PoC) exploit for PrintNightmare were accidentally leaked, CISA warned administrators to disable the Windows Print Spooler service on domain controllers and systems not used for printing to block potential inbound attacks.
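The mitigation CISA recommended above, as an added PowerShell example that is not from the original article: it reports whether the host is a domain controller and whether it shares printers, and stops and disables the Spooler service only when run with the example's own `-Disable` switch. Treating a host that shares printers as a print server is an assumption of this example.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    # Switch defined by this example: actually stop and disable the service
    [switch]$Disable
)

$svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "Print Spooler service not found on $env:COMPUTERNAME."
    return
}

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDC = $role -in 4, 5

# Shared printers mean other machines depend on this host for printing.
# The query may return nothing if the spooler is already stopped.
$shared = @(Get-CimInstance -ClassName Win32_Printer -ErrorAction SilentlyContinue |
    Where-Object { $_.Shared })

# Audit record, emitted on every run
[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    IsDomainController = $isDC
    SpoolerStatus      = $svc.Status
    SpoolerStartType   = $svc.StartType
    SharedPrinters     = $shared.Name -join ', '
}

if (-not $Disable) { return }

# Assumption: a non-DC host that shares printers is a print server; leave it alone
if ($shared.Count -gt 0 -and -not $isDC) {
    Write-Warning 'Host shares printers; leaving the Print Spooler enabled.'
    return
}

if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Get-Service -Name Spooler | Select-Object Name, Status, StartType
}
```

Run it without arguments to audit only, or with `-Disable -WhatIf` to preview the change before applying it.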

Last week, CISA added another privilege escalation bug, in the Windows Common Log File System Driver, to its list of vulnerabilities exploited in the wild. The bug was reported by CrowdStrike and the US National Security Agency (NSA) and patched by Microsoft during this month’s Patch Tuesday.

Federal agencies get three weeks to patch

Under a binding operational directive issued in November (BOD 22-01), all Federal Civilian Executive Branch (FCEB) agencies are required to secure their systems against security vulnerabilities added to the CISA catalog of Known Exploited Vulnerabilities (KEV).

CISA has given the agencies three weeks, until May 10, to patch the now actively exploited vulnerability CVE-2022-22718 and block ongoing exploitation attempts.

While this guidance only applies to US federal agencies, CISA also strongly urges all US organizations to patch this elevation of privilege bug in the Windows Print Spooler to thwart attempts to elevate privileges on their Windows systems.

The US cybersecurity agency today also added two older vulnerabilities to its KEV catalog, both of which have been exploited in ongoing attacks.

| CVE | Vulnerability Name | Date Added |
| --- | --- | --- |
| CVE-2022-22718 | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | 2022-04-19 |
| CVE-2018-6882 | Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) | 2022-04-19 |
| CVE-2019-3568 | WhatsApp VOIP Stack Buffer Overflow Vulnerability | 2022-04-19 |

“Vulnerabilities like these are a frequent attack vector for malicious cyber actors of all kinds and pose a significant risk to the federal enterprise,” the US Cybersecurity Agency said in November.

Since the binding BOD 22-01 directive was issued, CISA has added hundreds of security bugs to its list of actively exploited vulnerabilities, directing US federal agencies to patch them as soon as possible to prevent breaches.

This post, "CISA warns of attackers now exploiting Windows Print Spooler bug", was originally published at https://www.bleepingcomputer.com/news/security/cisa-warns-of-attackers-now-exploiting-windows-print-spooler-bug/
