We would like to bring to your attention a recently released patch to address a vulnerability identified within the Windows print spooler service.
This issue is being called ‘SpoolFool’ and is related to the previously known group of vulnerabilities that went under the name ‘Print Nightmare’ which were publicly disclosed towards the end of 2021. Whilst several minor patches and mitigations have been previously released, some of these have been successfully circumvented, potentially leaving the system vulnerable to variations of the original exploit.
This issue is being tracked under the following CVE:
The following CVE’s relate to the earlier print spooler issues that this vulnerability is built on top of:
Exploitability
A proof of concept exploit exists for this issue, but due to the requirements of needing a local access to trigger the vulnerability we are yet to see this being exploited in the wild.
Remediation
As of 8th February 2022, a new patch is available which causes the Spool Directory to no longer be created when the Spooler is initialised, causing the Print Spooler to fall back to its default spool directory. Ensure the following patch has been applied:
References
-
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22718
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1048
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1337
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1030
Academy Launches Second Intake
CovertSwarm’s Academy is opening the 2024 intake. Apply and start your cybersecurity journey as an ethical hacker.
Combining regulation with real-world security assurance: DORA and NIS2
Whether you’re a local financial startup or a multinational food distributor, understanding how DORA and NIS2 may affect your organization is vital. With implementation dates just…
CovertSwarm named by Clutch among Top 100 Fastest-Growing Companies
Clutch has recognized us for achieving one of the highest revenue growth rates from 2022 to 2023.