Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-38028
CVE-2022-38028:
vulnerability analysis and mitigation
Overview
CVE-2022-38028 is a Windows Print Spooler Elevation of Privilege Vulnerability that affects various versions of Microsoft Windows. The vulnerability was initially discovered and patched in October 2022, though evidence suggests it was being exploited as early as June 2020. The vulnerability affects multiple Windows versions, including Windows 10, Windows 11, and various Windows Server editions (NVD). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
Technical details
The vulnerability exists in the Windows Print Spooler service and can be exploited to achieve SYSTEM-level permissions. The exploitation involves creating a custom protocol handler and registering a new CLSID to serve as the COM server. The attack manipulates the C: drive symbolic link in the object manager to redirect PrintSpooler's attempts to load specific files to an attacker-controlled directory. This results in the execution of malicious code with SYSTEM permissions through the PrintSpooler service (Help Net Security).
Impact
When successfully exploited, this vulnerability allows attackers to perform remote code execution, install backdoors, steal credentials, and execute other malicious activities with SYSTEM-level permissions. The vulnerability has been actively exploited by threat actors to target Ukrainian, Western European, and North American government, non-governmental, education, and transportation sector organizations (Help Net Security).
Mitigation and workarounds
Microsoft has released security updates to address this vulnerability. Organizations are strongly advised to install these patches. Additionally, if the Print Spooler service is not required, Microsoft recommends disabling it for domain controllers as an additional security measure (Help Net Security).
Community reactions
The vulnerability has gained renewed attention in April 2024 when it was added to CISA's Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply mitigations by May 14, 2024 (NVD).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management