A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned.
To that end, the agency has added the flaw to its catalog of known exploited vulnerabilities, requiring Federal Civilian Executive Branch (FCEB) agencies to resolve the issues by May 10, 2022.
Tracked as CVE-2022-22718 (CVSS score: 7.8), the security vulnerability is one of four privilege escalation flaws in the print spooler that Microsoft has addressed as part of its Patch Tuesday updates from February 8, 2022.
It’s worth noting that the Redmond-based tech giant has patched a number of print spooler flaws since the critical PrintNightmare remote code execution vulnerability was disclosed last year, including 15 elevation of privilege vulnerabilities in April 2022.
Details about the nature of the attacks and the identity of threat actors likely to exploit the print spooler flaw remain unknown, in part to prevent further exploitation by hacking teams. Microsoft, for its part, gave it an “exploitation more likely” tag when the patches were rolled out two months ago.
Also added to the catalog are two other security vulnerabilities based on “active exploit evidence” –
- CVE-2018-6882 (CVSS Score: 6.1) – Cross Site Scripting (XSS) Vulnerability in Zimbra Collaboration Suite (ZCS)
- CVE-2019-3568 (CVSS Score: 9.8) – WhatsApp VOIP Stack Buffer Overflow Vulnerability
The addition of CVE-2018-6882 follows an advisory issued last week by the Computer Emergency Response Team of Ukraine (CERT-UA), warning of phishing attacks targeting government entities with the aim of forwarding victims’ emails to a third-party email address by exploiting the Zimbra vulnerability.
CERT-UA attributed the targeted intrusions to a threat cluster identified as UAC-0097.
In light of real-world attacks that weaponize vulnerabilities, organizations are recommended to reduce their exposure by “prioritizing the rapid remediation of […] as part of their vulnerability management practice.”