On February 2022 Patch Tuesday, Microsoft released a patch to fix a high-severity Windows Print Spooler privilege escalation vulnerability, tracked as CVE-2022-22718. It was one of four privilege escalation vulnerabilities in the Windows Print Spooler component to be patched on February 8. The vulnerability was assigned a CVSS severity score of 7.8 out of 10 and was marked as ‘exploitation more likely’. Hackers can exploit the flaw locally, without any user interaction, to elevate privileges in a low-complexity attack.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added the vulnerability to its Known Exploited Vulnerabilities Catalog, as evidence has been found of hackers exploiting the vulnerability in the wild. CISA also added a further two vulnerabilities to the Known Exploited Vulnerabilities Catalog on April 19, 2022.
CVE-2018-6882 is a cross-site scripting (XSS) vulnerability in the Zimbra Collaboration Suite (ZCS). The vulnerability has a CVSS severity score of 6.1 and is rated medium severity, but it is being actively exploited. The flaw allows remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
CISA has also added the CVE-2019-3568 vulnerability to the Known Exploited Vulnerabilities Catalog. This bug is a buffer overflow vulnerability in the WhatsApp VOIP stack with a CVSS severity score of 9.8. It allows remote code execution via a specially crafted series of RTCP packets sent to a target phone number.
CISA has issued a binding operational directive (BOD 22-01) for all Federal Civilian Executive Branch Agencies (FCEB) that requires them to patch the three vulnerabilities within 3 weeks. While the BOD only applies to federal agencies, CISA has encouraged all organizations to patch these vulnerabilities to prevent exploitation.