The United States Cybersecurity and Infrastructure Security Agency (CISA) recently reported three previously announced vulnerabilities are being actively exploited in the wild. These three are: CVE-2022-22718, CVE-2018-6882, and CVE-2019-3568. All three have patches available, respectively, for Microsoft Windows, Zimbra Collaboration Suite, and WhatsApp.
The most critical of the three is CVE-2022-22718, a Windows Print Spooler vulnerability distinct from last year’s CVE-2021-34527 and CVE-2021-1675, also known as PrintNightmare. CVE-2022-22718 represents a local privilege vulnerability which exists in every version of Windows. No further details or proof of concept (PoC) have been released on this vulnerability, and Microsoft security advisories have not yet been updated to reflect this vulnerability is being actively exploited by threat groups.
The three vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities Catalog (KEVC), which creates compliance requirements for all Federal Civilian Executive Branch Agencies (FCEB) to patch the bug and block existing exploitation attempts in three weeks, i.e. May 10th. Any federal contractors or other organizations which inherit compliance requirements from FCEB will also need to patch these vulnerabilities appropriately. In addition, as per CISA’s announcement, all organizations should plan to deploy patches for these actively exploited vulnerabilities as appropriate to their risk and vulnerability management plans. Disabling Windows Print Spooler services on Domain Controllers and other systems not used for printing will also contribute to mitigating Windows Print Spooler associated attacks.