US Gov’s CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation.

Date: Thursday April 25, 2024 03:37:58 pm

  • jim
    Keymaster

    CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability in the Windows Print Spooler service. This flaw, tracked as CVE-2022-38028, has been actively exploited by threat actors, including a Russian cyberespionage group known as APT28 (also tracked by Microsoft as Forest Blizzard). Here are the key details:

    Vulnerability Description: The vulnerability allows an attacker to escalate privileges and execute arbitrary code with SYSTEM-level permissions on a vulnerable machine. Specifically, an attacker can modify a JavaScript constraints file and execute it with elevated privileges. The issue was addressed as part of Microsoft’s October 2022 Patch Tuesday updates.

    Risk and Impact: The flaw poses an unacceptable risk to federal agencies and potentially to other organizations. Exploitation of this vulnerability could lead to full system compromise of affected networks.

    Mitigation Steps: Federal agencies have been directed to identify vulnerable systems within their environments and apply available patches or remove the vulnerable products within three weeks. While the directive specifically applies to federal agencies, all organizations are urged to assess their systems for this vulnerability and address it promptly.

    Exploitation Details: APT28 has been exploiting this vulnerability in attacks targeting government, non-governmental, education, and transportation organizations. The group has been using a unique tool called GooseEgg, which allows for remote code execution, backdoor deployment, and lateral movement. APT28 has also targeted other Print Spooler vulnerabilities, including CVE-2023-23397 and the PrintNightmare bugs (CVE-2021-34527 and CVE-2021-1675).

    Recommendations: Organizations should prioritize patching and address vulnerabilities listed in the Known Exploited Vulnerabilities (KEV) catalog. Vigilance and timely action are crucial to prevent further exploitation.

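The "identify vulnerable systems, then patch or remove" step in the post above is the part a Windows admin actually has to script. The following PowerShell is an added example, not code from the post, CISA or Microsoft. It assumes it is run in an elevated session on the host being checked, and it treats a machine as "likely patched" only if Get-HotFix reports an update installed on or after the October 2022 Patch Tuesday (2022-10-11); the exact KB for each OS build must be confirmed against Microsoft's advisory, since this date heuristic is an assumption, not the vendor's rule. The Disable-PrintSpooler function is the "remove the vulnerable product" option for hosts that never print and is deliberately not invoked automatically.

```powershell
# Added example (not from the original post): inventory a Windows host for
# CVE-2022-38028 exposure. Assumptions: elevated PowerShell on the target host;
# "LikelyPatched" means an update installed on/after 2022-10-11 is present,
# which is a heuristic. Confirm the per-build KB against Microsoft's advisory.
$OctoberPatchTuesday = Get-Date '2022-10-11'

function Get-PrintSpoolerExposure {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # Record the spooler binary version so results can be compared across hosts.
    $spoolsv = Join-Path $env:SystemRoot 'System32\spoolsv.exe'
    $spoolsvVersion = if (Test-Path $spoolsv) {
        (Get-Item $spoolsv).VersionInfo.ProductVersion
    } else { $null }

    # Get-HotFix wraps Win32_QuickFixEngineering; InstalledOn can be blank for
    # some entries, and a blank date never satisfies the -ge test below.
    $recentUpdates = Get-HotFix |
        Where-Object { $_.InstalledOn -ge $OctoberPatchTuesday } |
        Sort-Object InstalledOn -Descending

    $running = $svc -and $svc.Status -eq 'Running'

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        SpoolerStatus        = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        SpoolerStartType     = if ($svc) { $svc.StartType.ToString() } else { $null }
        SpoolsvVersion       = $spoolsvVersion
        UpdatesSinceOct2022  = ($recentUpdates | Select-Object -ExpandProperty HotFixID) -join ','
        LikelyPatched        = [bool]$recentUpdates
        # Action is needed when the attack surface is live and no post-October
        # 2022 update is visible: patch it, or disable the service if unused.
        NeedsAction          = [bool]($running -and -not $recentUpdates)
    }
}

# "Remove the vulnerable product" option for hosts that never print: stop and
# disable the service so the privilege-escalation surface is gone regardless
# of patch state. Run this only after confirming printing is not required.
function Disable-PrintSpooler {
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    Set-Service  -Name Spooler -StartupType Disabled
    Get-Service  -Name Spooler | Select-Object Name, Status, StartType
}

Get-PrintSpoolerExposure | Format-List
```

For fleet-wide use, wrap Get-PrintSpoolerExposure in Invoke-Command against a list of hosts and export the objects to CSV; the NeedsAction column is the triage list. Treat LikelyPatched as a first pass only: Get-HotFix does not surface every servicing-stack or cumulative update on every Windows build, so a host flagged as unpatched should be confirmed with the vendor's KB mapping or a vulnerability scanner before it is reported as remediated.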
