CVE-2022-38028
Published: 11 October 2022
Summary
CVE-2022-38028 is a high-severity vulnerability, with an unspecified weakness type, in Microsoft Windows 10 1607. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 11.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2022-38028, the Windows Print Spooler Elevation of Privilege Vulnerability, affects the Windows Print Spooler component and carries a CVSS 3.1 score of 7.8. The flaw permits an attacker to elevate privileges on an affected system through local access, with low attack complexity and no user interaction required.
An authenticated local user with low privileges can exploit the vulnerability with high impact on confidentiality, integrity, and availability, effectively elevating to higher privilege levels on the host. Exploitation requires only local access and does not depend on network adjacency or additional user actions.
Microsoft security advisories at the listed MSRC URLs direct administrators to apply the patches released for the vulnerability. The presence of the CVE in CISA’s Known Exploited Vulnerabilities catalog confirms that in-the-wild exploitation has occurred, and the EPSS score rose from a low baseline to a peak of 0.0676 on 2025-12-11 before receding to the current value of 0.0391, indicating that exploitation interest increased after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-40634
Vulnerability details
Windows Print Spooler Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added: 23 April 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Enforcing least privilege on the Print Spooler service and its child processes directly blocks the low-privileged local attacker from obtaining SYSTEM-level rights via CVE-2022-38028.
Flaw remediation requires timely application of the Microsoft patches that close the elevation-of-privilege flaw in the Print Spooler component.
Access-enforcement mechanisms can be configured to restrict the spooler’s ability to perform the unauthorized operations that lead to privilege escalation.