"Organizations Warned of Attacks Exploiting Recently Patched Windows Vulnerability"
The US Cybersecurity and Infrastructure Security Agency (CISA) has recently discovered that a recently patched Windows Print Spooler vulnerability has been exploited in attacks. The security hole, tracked as CVE-2022-22718, was fixed by Microsoft with its February 2022 Patch Tuesday updates. It was one of the four Print Spooler issues addressed at the time. According to Microsoft, CVE-2022-22718 can be exploited by a local attacker to escalate privileges without the need for any user interaction. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, which currently tracks nearly 650 exploited flaws. Federal agencies have been given until May 10 to address this security hole, but CISA advises all organizations to prioritize the patching of the vulnerabilities included in this catalog, referred to by some as a “Must Patch” list. CISA did not share information about the attacks exploiting the vulnerability, and there do not appear to be any public reports describing exploitation of the flaw.