[CISA-2024:0423] CISA Adds One Known Exploited Vulnerability to Catalog
- Severity: High
- CVEs: 1
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
[CVE-2022-38028] Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.
- Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Windows
- Due Date: Tue May 14 00:00:00 2024
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38028; https://nvd.nist.gov/vuln/detail/CVE-2022-38028
- ID: CISA-2024:0423
- Severity: high
- Severity from: CVE-2022-38028
- URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Published: 2024-04-23T00:00:00
- Modified: 2024-04-23T00:00:00