The United States Cybersecurity and Infrastructure Security Agency (CISA) recently reported three previously announced vulnerabilities are being actively exploited in the wild. These three are: CVE-2022-22718, CVE-2018-6882, and CVE-2019-3568. All three have patches available, respectively, for Microsoft Windows, Zimbra Collaboration Suite, and WhatsApp.
The most critical of the three is CVE-2022-22718, a Windows Print Spooler vulnerability distinct from last year’s CVE-2021-34527 and CVE-2021-1675, also known as PrintNightmare. CVE-2022-22718 represents a local privilege vulnerability which exists in every version of Windows. No further details or proof of concept (PoC) have been released on this vulnerability, and Microsoft security advisories have not yet been updated to reflect this vulnerability is being actively exploited by threat groups.