The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned users about a vulnerability in the Windows Print Spooler. Although Microsoft patched the flaw in February, it is being actively exploited in the wild.
Further, the agency has added the flaw to its Known Exploited Vulnerabilities (KEV) Catalog, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate it by May 10, 2022.
The vulnerability, tracked as CVE-2022-22718 (CVSS score: 7.8), is one of four privilege escalation flaws in the Print Spooler that Microsoft fixed in its Patch Tuesday updates on February 8, 2022.
Microsoft has patched several Print Spooler flaws since the critical PrintNightmare remote code execution vulnerability was uncovered in 2021.
The catalog has also been updated with two other security flaws based on “evidence of active exploitation”:
- CVE-2018-6882 (CVSS score: 6.1) – Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
- CVE-2019-3568 (CVSS score: 9.8) – WhatsApp VOIP Stack Buffer Overflow Vulnerability
CVE-2018-6882 was added following an advisory released by the Computer Emergency Response Team of Ukraine (CERT-UA) last week, warning of phishing attacks targeting government entities.
CERT-UA attributed the attacks to a threat cluster tracked as UAC-0097.
In light of real-world attacks weaponizing these vulnerabilities, CISA recommends that organizations reduce their exposure by “prioritizing timely remediation of […] as part of their vulnerability management practice.”
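As an added illustration of what "prioritizing timely remediation" of KEV entries looks like in practice (example code written for this page, not CISA's tooling and not from the article), the script below parses a KEV-style JSON feed, keeps only entries whose vendor/product appears in a local asset inventory, and ranks them by how close or how far past their due date they are. The field names follow the public KEV JSON feed (cveID, vendorProject, product, vulnerabilityName, dateAdded, requiredAction, dueDate). The embedded feed is constructed from the three CVEs named in the article; only the May 10, 2022 due date for CVE-2022-22718 comes from the article, and the other dates and the "today" value are assumptions.

```python
"""Triage a CISA KEV-style feed against an asset inventory by due date.

Added example, not from the article or from CISA. Field names follow the
public KEV JSON feed; the sample entries and all dates except 2022-05-10
for CVE-2022-22718 are constructed/assumed for illustration.
"""
import json
from datetime import date, timedelta

# Constructed sample in the KEV feed's shape (three entries, assumed dates).
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2022-22718", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Print Spooler Privilege Escalation Vulnerability",
         "dateAdded": "2022-04-19",  # assumed
         "dueDate": "2022-05-10",    # from the article
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2018-6882", "vendorProject": "Zimbra", "product": "Collaboration Suite (ZCS)",
         "vulnerabilityName": "Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
         "dateAdded": "2022-04-04",  # assumed
         "dueDate": "2022-04-25",    # assumed
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2019-3568", "vendorProject": "Facebook", "product": "WhatsApp",
         "vulnerabilityName": "WhatsApp VOIP Stack Buffer Overflow Vulnerability",
         "dateAdded": "2022-04-19",  # assumed
         "dueDate": "2022-05-10",    # assumed
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})


def load_kev(feed_text):
    """Parse KEV JSON; return entries with dateAdded/dueDate as date objects."""
    data = json.loads(feed_text)
    entries = []
    for v in data["vulnerabilities"]:
        e = dict(v)
        e["dateAdded"] = date.fromisoformat(v["dateAdded"])
        e["dueDate"] = date.fromisoformat(v["dueDate"])
        entries.append(e)
    return entries


def in_inventory(entry, inventory):
    """True if any inventory name is a case-insensitive substring of 'vendor product'."""
    label = f'{entry["vendorProject"]} {entry["product"]}'.lower()
    return any(name.lower() in label for name in inventory)


def triage(feed_text, inventory, today, window_days=14):
    """Return inventory-relevant KEV entries that are overdue or due within
    window_days of `today` (ISO string), most urgent first."""
    today = date.fromisoformat(today)
    horizon = today + timedelta(days=window_days)
    rows = []
    for e in load_kev(feed_text):
        if not in_inventory(e, inventory):
            continue                      # product not deployed here
        if e["dueDate"] > horizon:
            continue                      # outside the planning window
        days_left = (e["dueDate"] - today).days
        rows.append({
            "cveID": e["cveID"],
            "product": e["product"],
            "dueDate": e["dueDate"].isoformat(),
            "daysLeft": days_left,
            "status": "overdue" if days_left < 0 else "due soon",
            "requiredAction": e["requiredAction"],
        })
    rows.sort(key=lambda r: r["daysLeft"])  # most negative (most overdue) first
    return rows


if __name__ == "__main__":
    # Assumed inventory and date; in practice, load the live feed and your CMDB.
    for row in triage(SAMPLE_FEED, {"Windows", "Zimbra"}, "2022-05-01"):
        print(f'{row["status"]:9} {row["cveID"]:15} due {row["dueDate"]} '
              f'({row["daysLeft"]:+d} days) {row["product"]}')
```

In a real deployment the feed text would come from CISA's published JSON and the inventory from your asset database; the matching here is a deliberately simple substring check, so expect to tune the inventory names (or match on CPE data) to avoid both misses and false matches.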