Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild

Technology

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned.

To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to address the issues by May 10, 2022.

CyberSecurity

Tracked as CVE-2022-22718 (CVSS score: 7.8), the security vulnerability is one among the four privilege escalation flaws in the Print Spooler that Microsoft resolved as part of its Patch Tuesday updates on February 8, 2022.

It’s worth noting that the Redmond-based tech giant has remediated a number of Print Spooler flaws since the critical PrintNightmare remote code execution vulnerability came to light last year, including 15 elevation of privilege vulnerabilities in April 2022.

Also added to the catalog are two other security flaws based on “evidence of active exploitation” –

  • CVE-2018-6882 (CVSS score: 6.1) – Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
  • CVE-2019-3568 (CVSS score: 9.8) – WhatsApp VOIP Stack Buffer Overflow Vulnerability

The addition of CVE-2018-6882 comes close on the heels of an advisory released by the Computer Emergency Response Team of Ukraine (CERT-UA) last week, cautioning of phishing attacks targeting government entities with the goal of forwarding victims’ emails to a third-party email address by leveraging the Zimbra vulnerability.

CyberSecurity

CERT-UA attributed the targeted intrusions to a threat cluster tracked as UAC-0097.

In light of real world attacks weaponizing the vulnerabilities, organizations are recommended to reduce their exposure by “prioritizing timely remediation of […] as part of their vulnerability management practice.”

Products You May Like

Articles You May Like

10 Gym Essentials for Men To Up Your Workout in 2024
ChatGPT blocked 250,000 image generations of presidential candidates
Trump picks Fox News host Pete Hegseth for defense secretary – NBC Los Angeles
Strong revenue growth, first Neutron deal
Former Trump lawyer Rudy Giuliani threatened with contempt