Cyber Resilience

CVE-2022-22718

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 09 February 2022
Modified: 30 October 2025
KEV Added: 19 April 2022
Patch:
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0772 (92.1st percentile)
Risk Priority: 40 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-22718 is a high-severity vulnerability (weakness type unspecified) in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 7.9% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2022-22718 is an elevation of privilege vulnerability in the Windows Print Spooler service. The flaw received a CVSS 3.1 base score of 7.8 and affects the print spooler component on supported Windows versions, allowing an attacker who can interact with the service to obtain higher privileges on the host.

A local attacker with low privileges can exploit the issue without user interaction to achieve full control over confidentiality, integrity, and availability on the affected system. Successful exploitation grants the ability to run arbitrary code with elevated rights, typically SYSTEM-level access.

Microsoft’s security update guide addresses the flaw through patches released in February 2022, while CISA lists the CVE in its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild activity and requiring federal agencies to apply mitigations.

EPSS for the vulnerability rose from a low baseline to a peak of 0.4123 on 2023-04-08 before receding to the current value of 0.0772, indicating a clear post-disclosure increase in exploitation interest that warrants renewed attention.

EU & UK References

Vulnerability details

Windows Print Spooler Elevation of Privilege Vulnerability

CWE(s):
KEV Date Added: 19 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor / Product / Affected versions:

Microsoft Windows 10 1507: ≤ 10.0.10240.19204
Microsoft Windows 10 1607: ≤ 10.0.14393.4946
Microsoft Windows 10 1809: ≤ 10.0.17763.2565
Microsoft Windows 10 1909: ≤ 10.0.18363.2094
Microsoft Windows 10 20H2: ≤ 10.0.19042.1526
Microsoft Windows 10 21H1: ≤ 10.0.19043.1526
Microsoft Windows 10 21H2: ≤ 10.0.19044.1526
Microsoft Windows 11 21H2: ≤ 10.0.22000.493
Microsoft Windows 7: all versions
Microsoft Windows 8.1: all versions
+7 more product configuration(s), see NVD for the full list

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2, Flaw Remediation): Directly requires timely installation of the February 2022 security update that eliminates the Print Spooler EoP flaw.

prevent (AC-6, Least Privilege): Enforces least privilege so a local account cannot reach the SYSTEM context the vulnerability would otherwise grant.

prevent: Allows disabling or removing the Print Spooler service on systems where printing is not required, eliminating the attack surface.
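The following PowerShell audit script is an added example, not part of this advisory or any Microsoft tooling. It checks the two host-level mitigations above: whether the installed build is at or below one of the affected-build ceilings listed under Affected Assets (the ceilings are copied from that list; the assumption that any build above a ceiling carries the February 2022 fix is ours), and whether the Print Spooler service is running, with an opt-in switch to stop and disable it on hosts where printing is not required. The registry values it reads (CurrentBuildNumber, UBR, CurrentMajorVersionNumber, CurrentVersion under HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion) are standard Windows values; the function names are our own.

```powershell
# Added example (not from the advisory). Audits a host for CVE-2022-22718 exposure
# and reports the Print Spooler service state. Run in an elevated PowerShell session.

# Build number -> highest affected build, copied from the advisory's Affected Assets list.
# Windows 7 / 8.1 are listed as affected in all versions and are handled separately.
$affectedCeilings = @{
    '10240' = [version]'10.0.10240.19204'   # Windows 10 1507
    '14393' = [version]'10.0.14393.4946'    # Windows 10 1607
    '17763' = [version]'10.0.17763.2565'    # Windows 10 1809
    '18363' = [version]'10.0.18363.2094'    # Windows 10 1909
    '19042' = [version]'10.0.19042.1526'    # Windows 10 20H2
    '19043' = [version]'10.0.19043.1526'    # Windows 10 21H1
    '19044' = [version]'10.0.19044.1526'    # Windows 10 21H2
    '22000' = [version]'10.0.22000.493'     # Windows 11 21H2
}

function Get-InstalledBuild {
    # Windows 10/11 expose CurrentMajorVersionNumber + UBR; older releases only CurrentVersion (e.g. "6.1").
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    if ($cv.PSObject.Properties['CurrentMajorVersionNumber']) {
        [version]('{0}.{1}.{2}.{3}' -f $cv.CurrentMajorVersionNumber, $cv.CurrentMinorVersionNumber,
                                        $cv.CurrentBuildNumber, $cv.UBR)
    } else {
        [version]('{0}.{1}.0' -f $cv.CurrentVersion, $cv.CurrentBuildNumber)   # e.g. 6.1.7601.0
    }
}

function Test-Cve202222718Exposure {
    # Compares the installed build against the advisory ceilings ("<=" means still affected).
    param([version]$Build = (Get-InstalledBuild))
    if ($Build.Major -lt 10) {
        return [pscustomobject]@{ Build = $Build; Ceiling = $null; Status = 'AFFECTED: legacy OS, all versions listed' }
    }
    $ceiling = $affectedCeilings["$($Build.Build)"]
    if (-not $ceiling) {
        return [pscustomobject]@{ Build = $Build; Ceiling = $null; Status = 'Build not in advisory excerpt; check NVD' }
    }
    # Assumption: any build above the ceiling includes the February 2022 update.
    $status = if ($Build -le $ceiling) { 'VULNERABLE: install the February 2022 security update' } else { 'Patched' }
    [pscustomobject]@{ Build = $Build; Ceiling = $ceiling; Status = $status }
}

function Get-SpoolerExposure {
    # A running or auto-starting Spooler is the attack surface the third control removes.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) { return [pscustomobject]@{ Present = $false; Status = 'n/a'; StartType = 'n/a' } }
    [pscustomobject]@{ Present = $true; Status = $svc.Status; StartType = $svc.StartType }
}

function Disable-SpoolerIfUnused {
    # Stops and disables the service only when the operator asserts printing is not required here.
    param([switch]$PrintingNotRequired)
    if (-not $PrintingNotRequired) {
        Write-Warning 'Pass -PrintingNotRequired to stop and disable the Print Spooler service.'
        return
    }
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Get-Service -Name Spooler | Select-Object Name, Status, StartType
}

Test-Cve202222718Exposure | Format-List
Get-SpoolerExposure | Format-List
```

Run the script as-is to report patch status and Spooler state; call `Disable-SpoolerIfUnused -PrintingNotRequired` only on hosts where printing has been confirmed unnecessary, since disabling the service also removes legitimate print capability.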

References