The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about three Windows vulnerabilities that attackers are actively trying to exploit in the wild. The Print Spooler vulnerability tracked as CVE-2022-22718 is one of the three flaws. It allows adversaries to exploit the system locally without user interaction. The most concerning thing about this flaw is that it affects all versions of the Microsoft Windows operating system, including servers and workstations. Moreover, the Spooler service is enabled by default at start-up. All these factors make the flaw severe, and it should be addressed as soon as possible. We urge all Windows admins and individuals who own a Windows server or PC to heed this warning and fix the CVE-2022-22718 vulnerability. Let's see how to fix CVE-2022-22718, a privilege escalation vulnerability in Windows Print Spooler.
What is Windows Print Spooler?
Windows Print Spooler is a built-in system service on all Windows workstations and servers that manages printing jobs and queues. It enables Windows applications to share printers with other computers on the network. When you print a document, the spooler places the print job in a queue.
Its main functions are retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, scheduling the print job for printing, and so on. This service is enabled by default and runs for as long as the system is up and running. Here is the simple architecture of the Print Spooler service.
Summary Of CVE-2022-22718:
This is a privilege escalation vulnerability in the Windows Print Spooler service that allows adversaries to exploit the system locally without user interaction.
Associated CVE ID | CVE-2022-22718 |
Description | A Privilege Escalation Vulnerability in Windows Print Spooler |
Associated ZDI ID | – |
CVSS Score | 7.8 High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Impact Score | – |
Exploitability Score | – |
Attack Vector (AV) | Local |
Attack Complexity (AC) | Low |
Privilege Required (PR) | Low |
User Interaction (UI) | None |
Scope | Unchanged |
Confidentiality (C) | High |
Integrity (I) | High |
Availability (A) | High |
How To Test The Windows Server Is Vulnerable To CVE-2022-22718?
An exploit script published on GitHub has made the testing process simple. Follow these steps to test whether your Windows server is vulnerable to the CVE-2022-22718 flaw.
Time needed: 10 minutes.
- Download the exploit from GitHub or clone the Git repository
Use this git command to clone the repository.
> git clone https://github.com/LudovicPatho/CVE-2022-22718-SpoolFool.git
Or
Visit the Git page and download it.
Note: Most antivirus programs will treat this as a malicious file. You may need to stop the antivirus service to work on this script.
- Check the user ‘admin’
The idea behind this test is to create a user ‘admin’ by running this script.
Run this command to check the presence of user ‘admin’.
> net user admin
At this point, the user ‘admin’ does not exist on the machine.
- Run the exploit
Unzip the file, and change to the directory that contains SpoolFool.exe. Run the exe file using ‘./’ as shown here.
> ./SpoolFool.exe -dll ./AddUser.dll
- Check the user ‘admin’ again
If your machine is vulnerable then a user ‘admin’ should have been created.
> net user admin
How To Fix CVE-2022-22718: A Privilege Escalation Vulnerability In Windows Print Spooler?
Microsoft has acknowledged the Windows Print Spooler vulnerability and released the patch in its February security updates. It is recommended to apply the February security patches to fix this flaw.
If you are not in a position to apply the patch anytime soon, disable the spooler service. The best option to mitigate the print spooler vulnerability is to disable the print spooler service on the server and/or workstation on which the service is barely used.
Check out how to disable the Print Spooler service and how to check the status of the service in detail.
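Checking the spooler's status and disabling it on a machine that does not need it, as an added PowerShell example (not part of the original post; the function name `Disable-UnusedSpooler` is hypothetical). It assumes an elevated session and the built-in PrintManagement module, and it leaves hosts that share printers alone unless told otherwise:

```powershell
# Added example: audit the Print Spooler service and disable it where it is unused.
# Run from an elevated PowerShell session. The function name is hypothetical.
function Disable-UnusedSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Disable the service even if this host shares printers (acts as a print server)
        [switch]$Force
    )

    $svc = Get-Service -Name Spooler -ErrorAction Stop

    # Shared printers mean other machines depend on this host for printing.
    # Get-Printer needs a running spooler, so only query it in that state.
    $shared = @()
    if ($svc.Status -eq 'Running') {
        $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object { $_.Shared })
    }

    if ($shared.Count -gt 0 -and -not $Force) {
        Write-Warning "Shared printers found ($($shared.Name -join ', ')). Patch this host instead, or rerun with -Force."
    }
    elseif ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name Spooler -Force }
        # Disabled start type keeps the service from coming back at the next boot
        Set-Service -Name Spooler -StartupType Disabled
    }

    # Report the resulting state so the change can be verified
    Get-Service -Name Spooler | Select-Object Name, Status, StartType
}

# Preview the change first; remove -WhatIf to apply it
Disable-UnusedSpooler -WhatIf
```

A result of `Status: Stopped` and `StartType: Disabled` confirms the mitigation is in place; printing from that machine will not work until the service is re-enabled.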
Follow these tips to mitigate the Print Spooler service:
- Change the Registry Settings To Disable The Security Update
- Permit Users To Only Connect To Trusted Print Servers
- Permit Users To Only Connect To Trusted Print Servers With Specific Package Point
We hope this post will help you know how to fix CVE-2022-22718, a privilege escalation vulnerability in Windows Print Spooler.
Original article by ItWorker. If you republish it, please credit the source: https://blog.ytso.com/tech/aiops/270204.html