A security flaw in the Windows Print Spooler component that Microsoft patched in February is being widely exploited, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned.
To that end, the agency added the flaw to its catalog of known exploits, asking the Federal Civil Administration Branch (FCEB) agency to address the issues by May 10, 2022.
The security vulnerability, tracked as CVE-2022-22718 (CVSS Score: 7.8), is one of four privilege escalation vulnerabilities in the print spooler addressed by Microsoft in the February 8, 2022 Patch Tuesday update.
Notably, the Redmond-based tech giant has patched numerous Print Spooler vulnerabilities since the critical PrintNightmare remote code execution vulnerability came to light last year, including 15 escalation of privilege vulnerabilities in April 2022.
Two other “active exploit evidence” based security holes were added to the catalog –
- CVE-2018-6882 (CVSS Score: 6.1) – Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
- CVE-2019-3568 (CVSS Score: 9.8) – WhatsApp VOIP Stack Buffer Overflow Vulnerability
The addition of CVE-2018-6882 comes on the heels of an advisory issued last week by the Ukrainian Computer Emergency Response Team (CERT-UA) warning of phishing attacks targeting government entities with the aim of forwarding victims’ emails to exploit Zimbra vulnerabilities Obtain third-party email addresses.
CERT-UA attributes the targeted intrusion to a threat cluster tracked as UAC-0097.
Given that real-world attacks weaponize vulnerabilities, organizations are advised to “prioritize timely remediation by […] as part of their vulnerability management practices. “
