Privilege Escalation Vulnerability in Windows Print Spooler – CVE-2022-22718

We would like to bring to your attention a recently released patch to address a vulnerability identified within the Windows print spooler service.

This issue is being called ‘SpoolFool’ and is related to the previously known group of vulnerabilities that went under the name ‘Print Nightmare’ which were publicly disclosed towards the end of 2021. Whilst several minor patches and mitigations have been previously released, some of these have been successfully circumvented, potentially leaving the system vulnerable to variations of the original exploit.

This issue is being tracked under the following CVE:

• CVE-2022-22718

The following CVE’s relate to the earlier print spooler issues that this vulnerability is built on top of:

• CVE-2020–1048

• CVE-2020–1337

• CVE-2020-1030

Exploitability

A proof of concept exploit exists for this issue, but due to the requirements of needing a local access to trigger the vulnerability we are yet to see this being exploited in the wild.

Remediation

As of 8th February 2022, a new patch is available which causes the Spool Directory to no longer be created when the Spooler is initialised, causing the Print Spooler to fall back to its default spool directory. Ensure the following patch has been applied:

• https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb

References

• https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81

• https://github.com/ly4k/SpoolFool

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22718

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1048

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1337

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1030

Everyone has a plan until they get punched in the face: reflections on the NCSC 2025 annual review

The NCSC Annual Review 2025 delivers a reality check. Highly significant cyber incidents have increased by 50 percent year over year. It’s time to act.

Part 3: CBEST Series – The Future of Threat-Led Penetration Testing

Regulated testing like CBEST is pivotal, but as threats shift, organizations must adopt more strategic, agile threat-led penetration testing. Discover what’s next.

Prime Day Scams – How Attackers Exploit Trust and Urgency

Every Prime Day, fake delivery texts flood inboxes, exploiting shoppers’ urgency and trust. We explain how these scams work and what both consumers and security teams…