AL2022_24 Windows Print Spooler Vulnerability Exploited in the Wild (21st April 2022)

Description 

Microsoft addressed a security hole in the Windows Print Spooler component in February, but it is still being actively abused in the wild. 

Summary  

Dubbed PrintNightmare, CVE-2022-22718 is among four privilege escalation flaws in the print spooler that Microsoft resolved as part of its patch Tuesday updates on February 8, 2022. 

How it works  

The only information Microsoft provided regarding this security issue was that it can be exploited locally by threat actors in low-complexity attacks without requiring user input. The nature of the attacks and the identification of the threat actors who may be abusing the Print Spooler flaw are being kept under wraps, partially to prevent future exploitation by hacker teams. 

Remediation  

This Vulnerability was fixed in the February Patch Tuesday updates rolled out by Microsoft. It is advised to ensure that all devices are updated with the most recent patches. 

The Guyana National CIRT recommends that users and administrations review this alert and apply it where necessary. 

PDF Download: Windows Print Spooler Vulnerability.pdf

References