Hackers exploiting recently reported Windows Print Spooler vulnerabilities in the wild


A security flaw in the Windows Print Spooler component that was fixed by Microsoft in February is being actively exploited in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned.

To that end, the agency has added the shortcoming to its catalog of known exploited vulnerabilities, requiring Federal Civilian Executive Branch (FCEB) agencies to resolve the issues by May 10, 2022.


Tracked as CVE-2022-22718 (CVSS score: 7.8), the security vulnerability is one of four privilege escalation bugs in Print Spooler that Microsoft fixed as part of its Patch Tuesday updates on February 8, 2022.

It is worth noting that the Redmond-based technology giant has addressed a number of Print Spooler bugs since the critical PrintNightmare remote code execution vulnerability emerged last year, including 15 privilege escalation vulnerabilities in April 2022.

Also added to the catalog are two other security flaws based on “evidence of active exploitation” –

  • CVE-2018-6882 (CVSS score: 6.1) – Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
  • CVE-2019-3568 (CVSS score: 9.8) – WhatsApp VOIP Stack Buffer Overflow vulnerability

The addition of CVE-2018-6882 comes on the heels of a statement issued by Ukraine’s Computer Emergency Response Team (CERT-UA) last week warning of phishing attacks targeting state entities for the purpose of forwarding victims’ emails to a third-party email address by exploiting the Zimbra vulnerability.


CERT-UA attributed the targeted intrusion to a threat cluster tracked as UAC-0097.

In the face of real-world attacks weaponizing the vulnerabilities, organizations are advised to reduce their exposure by “prioritizing timely remediation of […] as part of their vulnerability management practices.”