CVE-2022-38028
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
CVSS
—
Sin CVSS
EPSS
14.9%
p96
KEV
SÍ
23 abr 2024
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Windows
Vulnerabilidad
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Añadido a KEV
23 abr 2024
Remediar antes de
14 may 2024
Uso conocido en ransomware
No
Descripción resumida
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38028; https://nvd.nist.gov/vuln/detail/CVE-2022-38028