Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2022-22718

Published: 09/02/2022 Updated: 08/08/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Windows 10

Vulnerability Summary

Windows Print Spooler Elevation of Privilege Vulnerability

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 1607

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows rt 8.1 -

microsoft windows server 2012 -

microsoft windows server 2008 -

microsoft windows 8.1 -

microsoft windows server 2019 -

microsoft windows 10 1809

microsoft windows 10 1909

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 11 -

microsoft windows 7 sp1

microsoft windows server 20h2

microsoft windows server 2022

microsoft windows 10 21h2

Exploits

Exploit DB: Windows SpoolFool Privilege Escalation
The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to achieve code execution as SYSTEM The SpoolDirectory, a configuration setting that holds the path that a printer's spooled jobs are sent to, is writable for all users, and it can be configured via SetPrinterDataEx() provided the caller has the PRINTER_ACCESS ...

Github Repositories

https://github.com/ahmetfurkans/CVE-2022-22718

A Privilege Escalation Vulnerability In Windows Print Spooler On Feb 9, 2022: The US Cyber in Infrastructure Security Agency (CISA) added the Windows Print Spooler vulnerability to their list of actively exploited vulnerabilities The vulnerability was identified as CVE-2022–22718 with the Common Vulnerability Scoring System (CVSS) score rated as high at 72 This CVE ID

https://github.com/J0hnbX/2022-22718

SpoolFool Exploit for CVE-2022–22718 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE) Details The provided exploit should work by default on all Windows desktop versions Please see the blog post for full technical details here Usage PS C:\SpoolFool> \SpoolFoolexe SpoolFool By Oliver Lyak (@ly4k_) Examples: C:\SpoolFool\SpoolFoolexe -dll

Recent Articles

Microsoft manages a mere 51 security fixes for February update bundle
The Register • Thomas Claburn in San Francisco • 01 Jan 1970

Get our weekly newsletter Excitement this month can be found in SAP code, with critical Log4j repairs and a CISA warning

Patch Tuesday Microsoft for its February Patch Tuesday gave Windows admins just 51 fixes to apply, the smallest number of patches since the meager ration of 44 in August 2021. February tends to be a slow month for repairs because bugs left untended over the winter holidays often get dealt with in January, leaving not all that much for the following month. Perhaps more noteworthy is that there's not a single critical CVE listed in the February patch list. Fifty of the fixes are rated Important wh...

Read more...

References

NVD-CWE-noinfohttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22718https://nvd.nist.govhttps://github.com/ahmetfurkans/CVE-2022-22718https://www.theregister.co.uk/2022/02/09/microsoft_patch_tuesday/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook