CVE-2022-22718
Published: 09 February 2022
Summary
CVE-2022-22718 is a high-severity vulnerability in Microsoft Windows Server 2008; its weakness type is unspecified. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 7.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2022-22718 is an elevation of privilege vulnerability in the Windows Print Spooler service. The flaw received a CVSS 3.1 base score of 7.8 and affects the print spooler component on supported Windows versions, allowing an attacker who can interact with the service to obtain higher privileges on the host.
A local attacker with low privileges can exploit the issue without user interaction to achieve full control over confidentiality, integrity, and availability on the affected system. Successful exploitation grants the ability to run arbitrary code with elevated rights, typically SYSTEM-level access.
Microsoft’s security update guide addresses the flaw through patches released in February 2022, while CISA lists the CVE in its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild activity and requiring federal agencies to apply mitigations.
EPSS for the vulnerability rose from a low baseline to a peak of 0.4123 on 2023-04-08 before receding to the current value of 0.0772, indicating a clear post-disclosure increase in exploitation interest that warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27861
Vulnerability details
Windows Print Spooler Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added: 19 April 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of the February 2022 security update that eliminates the Print Spooler EoP flaw.
Enforces least-privilege so a local account cannot reach the SYSTEM context the vulnerability would otherwise grant.
Allows disabling or removing the Print Spooler service on systems where printing is not required, eliminating the attack surface.