1. Home
  2. Vulnerabilities
  3. CVE-2022-38028

CVE-2022-38028

CVSS v3.1 7.8 (High)
78% Progress
EPSS 0.05 % (21th)
0.05% Progress
Affected Products 13
Advisories 2
NVD Status Analyzed
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Windows Print Spooler Elevation of Privilege Vulnerability

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2022-10-11 19:15:15
(23 months ago)
Updated Date
2024-09-11 01:00:01
(8 days ago)
Microsoft Windows Print Spooler Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38028; https://nvd.nist.gov/vuln/detail/CVE-2022-38028
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2024-04-23
(4 months ago)
Due Date
2024-05-14
(4 months ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1507 prior 10.0.10240.19507 version cpe:2.3:o:microsoft:windows_10_1507 < 10.0.10240.19507
  Microsoft Windows 10 1607 on X64 prior 10.0.14393.5427 version cpe:2.3:o:microsoft:windows_10_1607::*:*:*:*:*:x64 < 10.0.14393.5427
  Microsoft Windows 10 1607 on X86 prior 10.0.14393.5427 version cpe:2.3:o:microsoft:windows_10_1607::*:*:*:*:*:x86 < 10.0.14393.5427
  Microsoft Windows 10 1809 prior 10.0.17763.3532 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.3532
  Microsoft Windows 10 20h2 on Arm64 prior 10.0.19042.2130 version cpe:2.3:o:microsoft:windows_10_20h2::*:*:*:*:*:arm64 < 10.0.19042.2130
  Microsoft Windows 10 20h2 on X86 prior 10.0.19042.2130 version cpe:2.3:o:microsoft:windows_10_20h2::*:*:*:*:*:x86 < 10.0.19042.2130
  Microsoft Windows 10 21h1 prior 10.0.19043.2130 version cpe:2.3:o:microsoft:windows_10_21h1 < 10.0.19043.2130
  Microsoft Windows 10 21h2 prior 10.0.19044.2130 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19044.2130
  Microsoft Windows 11 22h2 prior 10.0.22621.674 version cpe:2.3:o:microsoft:windows_11_22h2 < 10.0.22621.674
  Microsoft Windows 8.1 prior 6.3.9600.20625 version cpe:2.3:o:microsoft:windows_8.1 < 6.3.9600.20625
  Microsoft Windows Rt 8.1 prior 6.3.9600.20625 version cpe:2.3:o:microsoft:windows_rt_8.1 < 6.3.9600.20625
  Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:-
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 prior 10.0.14393.5427 version cpe:2.3:o:microsoft:windows_server_2016 < 10.0.14393.5427
  Microsoft Windows Server 2019 prior 10.0.17763.3532 version cpe:2.3:o:microsoft:windows_server_2019 < 10.0.17763.3532
  Microsoft Windows Server 2022 prior 10.0.20348.1129 version cpe:2.3:o:microsoft:windows_server_2022 < 10.0.20348.1129