• Home
  • |
  • Blog
  • |
  • How To Fix CVE-2022-22718- A Privilege Escalation Vulnerability In Windows Print Spooler
How to Fix CVE-2022-22718- A Privilege Escalation Vulnerability in Windows Print Spooler

The Cybersecurity and Infrastructure Security Agency (CISA) rings a warning bell for three Windows vulnerabilities as hackers are actively trying to exploit the flaws in the wild. The Print Spooler vulnerability tracked as CVE-2022-22718 is one of the three flaws. This flaw allows advisories to exploit locally without user interaction. And the most concerning thing about this flaw is that it affects all the versions of the Microsoft Windows operating system, including servers and workstations. Moreover, the Spooler service is enabled by default at start-up. All these factors have made the flaw severe and addresse it as soon as possible. We urge all the Windows admins and individuals who own the Windows server or PC should consider this warning message and need to fix the CVE-2022-22718 vulnerability. Let’s see how to fix CVE-2022-22718, a privilege escalation vulnerability in Windows Print Spooler.

What is Windows Print Spooler?

Windows Print Spooler is a built-in system service on all Windows workstations and servers that manages printing jobs and queues. It enables Windows applications to share printers with other computers on the network. When you print a document, the spooler places the print job in a queue.

Its main functions are retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, scheduling the print job for printing, and so on. This service is enabled by default and runs until the system is up and running. Here is the simple architecture of the Print Spooler service.

Summary Of CVE-2022-22718:

This is a privilege escalation vulnerability in the Windows Print Spooler service that allows advisories to exploit locally without user interaction. 

Associated CVE IDCVE-2022-22718
DescriptionA Privilege Escalation Vulnerability in Windows Print Spooler
Associated ZDI ID
CVSS Score7.8 High
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Local
Attack Complexity (AC)Low
Privilege Required (PR)Low
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

How To Test The Windows Server Is Vulnerable To CVE-2022-22718?

Exploit script published on GitHub has made the testing process simple and easy. Follow these simple steps to test your Windows server vulnerable to the CVE-2022-22718 flaw.

Time needed: 10 minutes.

How To Test The Windows Server Is Vulnerable To CVE-2022-22718?

  1. Download the exploit from GitHub or clone the git

    Use this git command to clone the repository. 

    > git clone https://github.com/LudovicPatho/CVE-2022-22718-SpoolFool.git
    Or
    Visit the Git page and download it.

    Note: Most Antivirus programs will treat this as a malicious file. You may need to stop the AntiVirus service to work on this script.

    Download the exploit of CVE-2022-22718 from GitHub or clone the git

  2. Check the user ‘admin’

    The idea behind this test is to create a user ‘admin’ by running this script.

    Run this command to check the presence of user ‘admin’.

    > net user admin

    This time you don’t have the user ‘admin’ on the machine.
    Check the user 'admin'

  3. Run the exploit

    Unzip the file, and change the directory to the SpoolFool.exe. Run the exe file using ‘.\’ as shone here.

    > .\SpoolFool.exe -dll .\AddUser.dll

    Run the exploit

  4. Check the user ‘admin’ again

    If your machine is vulnerable then a user ‘admin’ should have been created.

    > net user admin

    Check the user 'admin' again

How To Fix CVE-2022-22718- A Privilege Escalation Vulnerability In Windows Print Spooler?

Microsoft has acknowledged the Windows Print Spooler vulnerability and released the patch in its February month security updates. It is recommended to apply the February security patches to fix this flaw.

If you are not in a position to apply the patch anytime soon, disable the spooler service. The best option to mitigate the print spooler vulnerability is to disable the print spooler service on the server and/or workstation on which the service is barely used. 

Check out how to disable the Printer Spooler service and how to check the status of the service in detail. 

Follow these tips to mitigate the Print Spooler service:

  1. Change the Registry Settings To Disable The Security Update
  2. Permit Users To Only Connect To Trusted Print Servers
  3. Permit Users To Only Connect To Trusted Print Servers With Specific Package Point

We hope this post will help you know How to Fix CVE-2022-22718- A Privilege Escalation Vulnerability in Windows Print Spooler. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.