Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild

A security flaw in the Windows Print Spooler component that was
patched by Microsoft in February is being actively exploited in the
wild, the U.S. Cybersecurity and Infrastructure Security Agency
(CISA) has warned^[1].

To that end, the agency has added the shortcoming to its Known
Exploited Vulnerabilities Catalog^[2], requiring Federal
Civilian Executive Branch (FCEB) agencies to address the issues by
May 10, 2022.

Tracked as CVE-2022-22718^[3]
(CVSS score: 7.8), the security vulnerability is one among the four
privilege escalation flaws in the Print Spooler that Microsoft
resolved as part of its Patch
Tuesday updates^[4]
on February 8, 2022.

It’s worth noting that the Redmond-based tech giant has
remediated a number^[5]
of Print Spooler flaws since the critical PrintNightmare^[6]
remote code execution vulnerability came to light last year,
including 15
elevation of privilege vulnerabilities^[7]
in April 2022.

Also added to the catalog are two other security flaws based on
“evidence of active exploitation” –

• CVE-2018-6882^[8] (CVSS score: 6.1) –
  Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)
  Vulnerability
• CVE-2019-3568^[9] (CVSS score: 9.8) –
  WhatsApp VOIP Stack Buffer Overflow Vulnerability

The addition of CVE-2018-6882 comes close on the heels of an
advisory^[10] released by the
Computer Emergency Response Team of Ukraine (CERT-UA) last week,
cautioning of phishing attacks targeting government entities with
the goal of forwarding victims’ emails to a third-party email
address by leveraging the Zimbra vulnerability.

CERT-UA attributed the targeted intrusions to a threat cluster
tracked as UAC-0097.

In light of real world attacks weaponizing the vulnerabilities,
organizations are recommended to reduce their exposure by
“prioritizing timely remediation of […] as part of their
vulnerability management practice.”