Recent Exploits of a Windows Print Spooler Vulnerability Have Been Spotted in the Wild

Enterprise Security Magazine | Tuesday, May 17, 2022

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency has warned.

FREMONT, CA: The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security defect in the Windows Print Spooler component, which was patched by Microsoft in February, is being actively abused in the wild. As a result, the agency has added the flaw to its Known Exploited Vulnerabilities Catalog, requiring FCEB agencies to fix the problem by May 10, 2022. The security flaw, identified as CVE-2022-22718, is one of four privilege escalation flaws in the Print Spooler that Microsoft fixed as part of its Patch Tuesday updates on February 8, 2022. It's worth mentioning that since the severe PrintNightmare remote code execution vulnerability was discovered last year, Microsoft has patched several Print Spooler problems, including 15 elevation of privilege vulnerabilities in April 2022.

The nature of the attacks and the identity of the threat actors who may be abusing the Print Spooler flaw remain undisclosed, in order to avoid further exploitation by hacker teams. When the patches were released two months ago, Microsoft assigned the flaw the tag "exploitation more likely."

The list has also been updated with two additional security issues based on "evidence of active exploitation": CVE-2018-6882 (CVSS rating: 6.1), a cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS), and CVE-2019-3568 (CVSS score: 9.8), a vulnerability in WhatsApp's VoIP stack buffer.

CVE-2018-6882 was added just days after the Computer Emergency Response Team of Ukraine (CERT-UA) issued an advisory warning of phishing attempts targeting government bodies with the intention of forwarding victims' emails to a third-party email account using the Zimbra vulnerability. UAC-0097 was identified as the source of the targeted intrusions, according to CERT-UA. In light of real-world attacks that exploit vulnerabilities, organisations should "prioritise fast remediation as part of their vulnerability management process," according to the report.
