Cyber Resilience

CVE-2022-38028

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 11 October 2022

Modified: 30 October 2025
KEV Added: 23 April 2024
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0391 (88.6th percentile)
Risk Priority: 38 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-38028 is a high-severity vulnerability (weakness type unspecified) in Microsoft Windows 10 1607. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 11.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-38028, the Windows Print Spooler Elevation of Privilege Vulnerability, affects the Windows Print Spooler component and carries a CVSS 3.1 score of 7.8. The flaw permits an attacker to elevate privileges on an affected system through local access, with low attack complexity and no user interaction required.

An authenticated local user with low privileges can exploit the vulnerability with high impact on confidentiality, integrity, and availability, effectively elevating to a higher privilege level on the host. Exploitation requires only local access and does not depend on network adjacency or additional user actions.

Microsoft security advisories at the listed MSRC URLs direct administrators to apply the patches released for the vulnerability. The presence of the CVE in CISA’s Known Exploited Vulnerabilities catalog confirms that in-the-wild exploitation has occurred, and the EPSS score rose from a low baseline to a peak of 0.0676 on 2025-12-11 before receding to the current value of 0.0391, indicating that exploitation interest increased after disclosure.

Vulnerability details

Windows Print Spooler Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added: 23 April 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · windows 10 1507 · ≤ 10.0.10240.19507
microsoft · windows 10 1607 · ≤ 10.0.14393.5427
microsoft · windows 10 1809 · ≤ 10.0.17763.3532
microsoft · windows 10 20h2 · ≤ 10.0.19042.2130
microsoft · windows 10 21h1 · ≤ 10.0.19043.2130
microsoft · windows 10 21h2 · ≤ 10.0.19044.2130
microsoft · windows 11 22h2 · ≤ 10.0.22621.674
microsoft · windows 8.1 · ≤ 6.3.9600.20625
microsoft · windows rt 8.1 · ≤ 6.3.9600.20625
microsoft · windows server 2012 · all versions, r2
+3 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Enforcing least privilege on the Print Spooler service and its child processes directly blocks the low-privileged local attacker from obtaining SYSTEM-level rights via CVE-2022-38028.

Prevent: Requires timely application of the Microsoft patches that close the elevation-of-privilege flaw in the Print Spooler component.

Prevent: Access-enforcement mechanisms can be configured to restrict the spooler’s ability to perform the unauthorized operations that lead to privilege escalation.
