Windows Print Spooler Vulnerability

Windows Print Spooler Vulnerability

A high* level vulnerability related to Windows Print Spooler has just published.

The vulnerability is classified as Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Affected Systems

• Windows Server 2012 R2, Windows Server 2012, Windows RT 8.1, Windows 10, Windows 11

IoC’s

-

Recommended Solution(s)

As a workaround the steps listed below can be applied.
Run the following in Windows PowerShell to determine if the print spooler service is running:
Get-Service -Name Spooler

If the Print Spooler is running or if the service is not disabled, follow these steps.
If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled

Stopping and disabling the “Print Spooler” service disables the ability to print both locally and remotely.

It is highly recommended to install “Monthly Rollup” or “Security Only” releases listed below according to OS:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22041#securityUpdates

CVE / CWE

CVE-2022-22041

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2022-22041
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22041

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.