[CISA-2024:0423] CISA Adds One Known Exploited Vulnerability to Catalog

Severity High

CVEs 1

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

**[CVE-2022-38028] Microsoft Windows Print Spooler Privilege Escalation Vulnerability **

Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Microsoft
Product: Windows
Due Date: Tue May 14 00:00:00 2024
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38028

ID

CISA-2024:0423

Severity

high

URL

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Published

2024-04-23T00:00:00
(3 months ago)

Modified

2024-04-23T00:00:00
(3 months ago)

Other Advisories

MS:CVE-2022-38028

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date