Table of Contents
  • Home
  • /
  • Blog
  • /
  • How To Fix CVE-2022-22718- A Privilege Escalation Vulnerability In Windows Print Spooler
April 20, 2022
|
4m

How To Fix CVE-2022-22718- A Privilege Escalation Vulnerability In Windows Print Spooler


How To Fix Cve 2022 22718 A Privilege Escalation Vulnerability In Windows Print Spooler

The Cybersecurity and Infrastructure Security Agency (CISA) rings a warning bell for three Windows vulnerabilities as hackers are actively trying to exploit the flaws in the wild. The Print Spooler vulnerability tracked as CVE-2022-22718 is one of the three flaws. This flaw allows advisories to exploit locally without user interaction. And the most concerning thing about this flaw is that it affects all the versions of the Microsoft Windows operating system, including servers and workstations. Moreover, the Spooler service is enabled by default at start-up. All these factors have made the flaw severe and addresse it as soon as possible. We urge all the Windows admins and individuals who own the Windows server or PC should consider this warning message and need to fix the CVE-2022-22718 vulnerability. Let’s see how to fix CVE-2022-22718, a privilege escalation vulnerability in Windows Print Spooler.

What is Windows Print Spooler?

Windows Print Spooler is a built-in system service on all Windows workstations and servers that manages printing jobs and queues. It enables Windows applications to share printers with other computers on the network. When you print a document, the spooler places the print job in a queue.

Its main functions are retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, scheduling the print job for printing, and so on. This service is enabled by default and runs until the system is up and running. Here is the simple architecture of the Print Spooler service.

Summary Of CVE-2022-22718:

This is a privilege escalation vulnerability in the Windows Print Spooler service that allows advisories to exploit locally without user interaction. 

Associated CVE IDCVE-2022-22718
DescriptionA Privilege Escalation Vulnerability in Windows Print Spooler
Associated ZDI ID
CVSS Score7.8 High
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Local
Attack Complexity (AC)Low
Privilege Required (PR)Low
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

How To Test The Windows Server Is Vulnerable To CVE-2022-22718?

Exploit script published on GitHub has made the testing process simple and easy. Follow these simple steps to test your Windows server vulnerable to the CVE-2022-22718 flaw.

Step 1. Download the exploit from GitHub or clone the git

Use this git command to clone the repository. 

> git clone https://github.com/LudovicPatho/CVE-2022-22718-SpoolFool.git
OrVisit the Git page and 
download it.
Note: Most Antivirus programs will treat this as a malicious file. You may need to stop the AntiVirus service to work on this script.

Step 2. Check the user ‘admin’

The idea behind this test is to create a user ‘admin’ by running this script.
Run this command to check the presence of user ‘admin’.

> net user admin

This time you don’t have the user ‘admin’ on the machine.

Step 3. Run the exploit

Unzip the file, and change the directory to the SpoolFool.exe. Run the exe file using ‘.\’ as shone here.

> .\SpoolFool.exe -dll .\AddUser.dll

Step 4. Check the user ‘admin’ again

If your machine is vulnerable then a user ‘admin’ should have been created.

> net user admin

How To Fix CVE-2022-22718- A Privilege Escalation Vulnerability In Windows Print Spooler?

Microsoft has acknowledged the Windows Print Spooler vulnerability and released the patch in its February month security updates. It is recommended to apply the February security patches to fix this flaw.

If you are not in a position to apply the patch anytime soon, disable the spooler service. The best option to mitigate the print spooler vulnerability is to disable the print spooler service on the server and/or workstation on which the service is barely used. 

Check out how to disable the Printer Spooler service and how to check the status of the service in detail. 

Follow these tips to mitigate the Print Spooler service:

  1. Change the Registry Settings To Disable The Security Update

  2. Permit Users To Only Connect To Trusted Print Servers

  3. Permit Users To Only Connect To Trusted Print Servers With Specific Package Point

We hope this post would help you know How to Fix CVE-2022-22718- A Privilege Escalation Vulnerability in Windows Print Spooler. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, Medium & Instagram, and subscribe to receive updates like this. 

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe