Hackers Taking Advantage of a Recently Discovered Windows Print Spooler Vulnerability

A security hole in Microsoft’s Windows Print Spooler component, which was fixed in February, is still being actively abused in the wild, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

As a result, the agency has added the weakness to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to fix the issues by May 10, 2022.

CVE-2022-22718 (CVSS: 7.8) is one of four privilege escalation flaws in the Print Spooler that Microsoft fixed in its February 8, 2022 Patch Tuesday releases.

It’s worth mentioning that since the severe PrintNightmare remote code execution vulnerability was discovered last year, Microsoft has patched a number of Print Spooler problems, including 15 elevation of privilege vulnerabilities in April 2022.

The nature of the attacks and the identity of the threat actors who may be abusing the Print Spooler flaw are being kept under wraps, partially to prevent further exploitation by other hacking groups.

When the patches were released two months ago, Microsoft assigned the flaw the designation “exploitation more probable.”

Two more security issues based on “evidence of active exploitation” have been added to the list:

  • CVE-2018-6882 (CVSS score: 6.1) – Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration Suite (ZCS)
  • CVE-2019-3568 (CVSS score: 9.8) – WhatsApp VOIP Stack Buffer Overflow Vulnerability

The inclusion of CVE-2018-6882 follows an alert issued last week by the Computer Emergency Response Team of Ukraine (CERT-UA) warning of phishing attempts targeting government bodies. The attackers used the Zimbra vulnerability with the intention of forwarding victims’ emails to a third-party email account.

The targeted intrusions were traced back to a threat cluster known as UAC-0097, according to CERT-UA.

In view of real-world attacks that weaponize vulnerabilities, businesses are advised to decrease their risk by “prioritizing prompt remediation of […] as part of their vulnerability management process.”

If you want to learn more about SpoolFool – Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2022-22718), please visit Andy Li’s YouTube channel. He’s a prominent YouTuber to whom I am subscribed, and he recently posted a video on the SpoolFool Print Spooler exploit. If you’re interested, check out his video.
