The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited vulnerabilities, including a local privilege escalation vulnerability in Windows Print Spooler.
According to Microsoft’s advisory, this high-severity vulnerability (tracked as CVE-2022-22718) affects all Windows versions and has been fixed in the February 2022 Patch Tuesday.
The only information Microsoft shared about this security flaw is that threat actors can conduct low-sophistication attacks locally without user interaction.
Redmond has patched several other Windows Print Spooler vulnerabilities in the past 12 months, including the critical PrintNightmare remote code execution vulnerability.
After technical details of PrintNightmare and a proof-of-concept (PoC) exploit were accidentally leaked, CISA warned administrators to disable the Windows Print Spooler service on domain controllers and on systems not used for printing in order to block potential incoming attacks.
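As an added example (it is not from the article, Microsoft or CISA), the PowerShell script below implements the mitigation CISA recommended: it audits the Print Spooler service on the local host and stops and disables it when the host is a domain controller or is not used for printing. The `-HostNeedsPrinting` switch is a hypothetical parameter of this script; the `DomainRole` values are those documented for the `Win32_ComputerSystem` class. Run it in an elevated session, and use `-WhatIf` to preview the change first.

```powershell
# Added example, not code from the article: audit and, where appropriate,
# disable the Windows Print Spooler service on the local host.
# Run from an elevated PowerShell session; -WhatIf previews without changing.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical parameter: set it only on hosts that legitimately print.
    [switch]$HostNeedsPrinting
)

$svc  = Get-Service -Name Spooler -ErrorAction Stop
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole

# Win32_ComputerSystem.DomainRole: 4 = backup domain controller,
# 5 = primary domain controller. Anything else is a workstation or member server.
$isDomainController = $role -in 4, 5

Write-Host ("Spooler status: {0}; start type: {1}; domain controller: {2}" -f
    $svc.Status, $svc.StartType, $isDomainController)

if ($isDomainController -or -not $HostNeedsPrinting) {
    # Domain controllers never need a local spooler; other hosts only if they print.
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
        Write-Host 'Print Spooler stopped and set to Disabled.'
    }
}
else {
    # The service stays up; the remaining control is keeping the host patched.
    Write-Host 'Host needs printing: Spooler left running. Confirm the February 2022 update is installed.'
}
```

Disabling the service removes the attack surface entirely on hosts that never print; on print servers and user workstations that do print, patching remains the control, so the script only reports there. Deploy it through your configuration management tooling rather than by hand so the setting survives rebuilds.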
Last week, CISA added another privilege escalation bug, in the Windows Generic Journaling File System driver, to its list of vulnerabilities exploited in the wild. That bug was reported by CrowdStrike and the National Security Agency (NSA) and was patched by Microsoft in this month’s Patch Tuesday.
Federal agency gives three weeks to fix
According to the November Binding Operational Directive (BOD 22-01), all Federal Civilian Executive Branch (FCEB) agencies are required to protect their systems against security vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
CISA gave these agencies three weeks, until May 10, to patch the now actively exploited CVE-2022-22718 vulnerability and block ongoing exploitation attempts.
Although this directive applies only to US federal agencies, CISA also strongly urges all US organizations to fix this Windows Print Spooler privilege escalation bug to block attempts to escalate privileges on their Windows systems.
The US cybersecurity agency today added two older security holes to its KEV catalog that are also being abused in ongoing attacks.
| CVE | Vulnerability name | Date added |
|---|---|---|
| CVE-2022-22718 | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | 2022-04-19 |
| CVE-2018-6882 | Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) | 2022-04-19 |
| CVE-2019-3568 | WhatsApp VOIP Stack Buffer Overflow Vulnerability | 2022-04-19 |
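The BOD 22-01 obligation is a deadline-tracking problem: each KEV entry carries a date added and a due date, and agencies have to know which entries apply to them and how long they have left. As an added example, not from the article or from CISA, the PowerShell below triages KEV entries against a reference date. The JSON is a constructed sample that mirrors the field names of CISA's published KEV feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json); the due dates in it are constructed for illustration, and `Get-KevDueStatus` is this example's own function name. For live data, replace the sample with `Invoke-RestMethod` against that URL.

```powershell
# Added example, not code from the article: rank KEV entries by time left
# before the BOD 22-01 due date. Sample feed below is constructed; its
# field names follow CISA's KEV JSON feed.
$sampleJson = @'
{
  "vulnerabilities": [
    { "cveID": "CVE-2022-22718", "vendorProject": "Microsoft", "product": "Windows",
      "vulnerabilityName": "Microsoft Windows Print Spooler Privilege Escalation Vulnerability",
      "dateAdded": "2022-04-19", "dueDate": "2022-05-10" },
    { "cveID": "CVE-2018-6882", "vendorProject": "Zimbra", "product": "Collaboration Suite (ZCS)",
      "vulnerabilityName": "Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)",
      "dateAdded": "2022-04-19", "dueDate": "2022-05-10" },
    { "cveID": "CVE-2019-3568", "vendorProject": "WhatsApp", "product": "WhatsApp",
      "vulnerabilityName": "WhatsApp VOIP Stack Buffer Overflow Vulnerability",
      "dateAdded": "2022-04-19", "dueDate": "2022-05-10" }
  ]
}
'@

function Get-KevDueStatus {
    param(
        [Parameter(Mandatory)] [string]$Json,
        # Reference date for the "days left" calculation; defaults to today.
        [datetime]$AsOf = (Get-Date).Date,
        # Optional filter: only vendors present in your asset inventory.
        [string[]]$Vendor
    )
    $feed = $Json | ConvertFrom-Json
    foreach ($v in $feed.vulnerabilities) {
        if ($Vendor -and $v.vendorProject -notin $Vendor) { continue }
        $due      = [datetime]::ParseExact($v.dueDate, 'yyyy-MM-dd', $null)
        $daysLeft = ($due - $AsOf.Date).Days
        [pscustomobject]@{
            CVE      = $v.cveID
            Vendor   = $v.vendorProject
            Name     = $v.vulnerabilityName
            DueDate  = $v.dueDate
            DaysLeft = $daysLeft
            Status   = if ($daysLeft -lt 0) { 'OVERDUE' }
                       elseif ($daysLeft -le 7) { 'DUE SOON' }
                       else { 'OPEN' }
        }
    }
}

# Evaluate as of the day the entries were added; all three show 21 days left.
Get-KevDueStatus -Json $sampleJson -AsOf ([datetime]'2022-04-19') |
    Sort-Object DaysLeft |
    Format-Table CVE, Vendor, DueDate, DaysLeft, Status -AutoSize

# Narrow to the vendors you actually run, e.g. only Microsoft entries.
Get-KevDueStatus -Json $sampleJson -Vendor 'Microsoft' | Format-Table -AutoSize
```

Feeding the output into a ticketing system, keyed on the CVE id, turns the catalog into a queue that can be checked against your patch-management records; the `-Vendor` filter is the simplest way to drop entries for products you do not own.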
“These types of vulnerabilities are a common attack vector for malicious cyber actors of all types and pose a significant risk to federal businesses,” the U.S. cybersecurity agency explained in November.
Since issuing BOD 22-01, CISA has added hundreds of security vulnerabilities to its list of actively exploited vulnerabilities and has ordered U.S. federal agencies to patch them as soon as possible to prevent breaches.