April 24, 2024 at 09:15AM
The US cybersecurity agency CISA has added a two-year-old Windows Print Spooler flaw, CVE-2022-38028, to its Known Exploited Vulnerabilities catalog due to exploitation by APT28. Federal agencies are required to address this vulnerability within three weeks, while all organizations are urged to perform vulnerability assessments and apply the available patches promptly.
Key takeaways from the report:
1. The US cybersecurity agency CISA has added a two-year-old Windows Print Spooler vulnerability, tracked as CVE-2022-38028 with a CVSS score of 7.8, to its Known Exploited Vulnerabilities (KEV) catalog.
2. The flaw is a privilege escalation bug: an attacker who already has a foothold on a vulnerable machine can use it to gain SYSTEM privileges. It has been exploited by the Russian cyberespionage group APT28 (tracked by Microsoft as Forest Blizzard) using a custom tool called GooseEgg.
3. Under Binding Operational Directive (BOD) 22-01, federal civilian agencies must identify and address CVE-2022-38028 within three weeks of its addition to the catalog.
4. While the directive applies to federal agencies, CISA urges all organizations to conduct vulnerability assessments and address security bugs in the KEV catalog promptly.
5. Microsoft reported that APT28 has also used GooseEgg against the PrintNightmare Print Spooler vulnerabilities CVE-2021-34527 and CVE-2021-1675, and that the group has separately exploited CVE-2023-23397, which is an Outlook elevation-of-privilege flaw rather than a Print Spooler bug.
6. The attacks have primarily aimed at privilege escalation, as well as credential and data harvesting.
7. It’s important to note that there were no reports of in-the-wild exploitation of CVE-2022-38028 before Microsoft published its blog post on the GooseEgg attacks.
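The "address KEV entries promptly" advice in takeaway 4 is easiest to act on if scanner findings are cross-referenced with the catalog's own due dates. The script below is an added example, not code from CISA, Microsoft or the original report: it parses a document in the layout of CISA's KEV JSON feed (the live feed is published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json, but the two records here are constructed so the script runs offline, and the second record's dates are illustrative, not the catalog's), joins it against a constructed list of (host, CVE) findings, and ranks them by how far past or before the BOD 22-01 due date they are. The placeholder CVE-0000-00000 in the findings is not a real identifier; it exists only to exercise the "not in KEV" path.

```python
"""KEV due-date triage (added example; not CISA's, Microsoft's or the report's code)."""
import json
from datetime import date

# Constructed sample in the KEV feed's JSON layout. The first record mirrors the
# CVE-2022-38028 entry described in the report (added 2024-04-23, three-week
# deadline); the second record's dates are illustrative only.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "dateReleased": "2024-04-23T00:00:00.0000Z",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2022-38028",
            "vendorProject": "Microsoft",
            "product": "Windows Print Spooler",
            "vulnerabilityName": "Microsoft Windows Print Spooler Privilege Escalation Vulnerability",
            "dateAdded": "2024-04-23",
            "shortDescription": "Constructed summary: Print Spooler privilege escalation.",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2024-05-14",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
        {
            "cveID": "CVE-2021-34527",
            "vendorProject": "Microsoft",
            "product": "Windows Print Spooler",
            "vulnerabilityName": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability",
            "dateAdded": "2021-11-03",
            "shortDescription": "Constructed summary: PrintNightmare.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2021-11-17",
            "knownRansomwareCampaignUse": "Known",
            "notes": "",
        },
    ],
})

# Constructed scanner output: (hostname, CVE) pairs; hosts are made up and
# CVE-0000-00000 is a placeholder, not a real identifier.
SAMPLE_FINDINGS = [
    ("print-srv-01", "CVE-2022-38028"),
    ("print-srv-01", "CVE-2021-34527"),
    ("ws-finance-07", "CVE-2022-38028"),
    ("ws-finance-07", "CVE-0000-00000"),
]


def load_kev(feed_text):
    """Parse a KEV feed document into a {cveID: record} dict."""
    feed = json.loads(feed_text)
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def remediation_window_days(record):
    """Days between the catalog entry date and the BOD 22-01 due date."""
    added = date.fromisoformat(record["dateAdded"])
    due = date.fromisoformat(record["dueDate"])
    return (due - added).days


def triage(kev, findings, today=None, warn_days=7):
    """Join findings with the catalog and rank them by urgency.

    `today` is an ISO date string (defaults to the current date). Each result
    carries a status: "overdue", "due_soon" (within warn_days), "scheduled",
    or "not_in_kev" for CVEs the catalog does not list.
    """
    now = date.fromisoformat(today) if today else date.today()
    rows = []
    for host, cve in findings:
        record = kev.get(cve)
        if record is None:
            rows.append({"host": host, "cve": cve, "status": "not_in_kev", "days_left": None})
            continue
        days_left = (date.fromisoformat(record["dueDate"]) - now).days
        if days_left < 0:
            status = "overdue"
        elif days_left <= warn_days:
            status = "due_soon"
        else:
            status = "scheduled"
        rows.append({"host": host, "cve": cve, "status": status, "days_left": days_left,
                     "due": record["dueDate"], "action": record["requiredAction"]})
    # Worst first: overdue, then due soon, then scheduled, then unlisted CVEs.
    rank = {"overdue": 0, "due_soon": 1, "scheduled": 2, "not_in_kev": 3}
    rows.sort(key=lambda r: (rank[r["status"]], r["days_left"] if r["days_left"] is not None else 0))
    return rows


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    print("BOD 22-01 window for CVE-2022-38028:",
          remediation_window_days(catalog["CVE-2022-38028"]), "days")
    for row in triage(catalog, SAMPLE_FINDINGS, today="2024-04-24"):
        print(row)
```

Run against the real feed, `load_kev` takes the downloaded JSON unchanged; the only field the triage relies on beyond `cveID` is `dueDate`, which every catalog entry carries. Findings that come back `not_in_kev` still need patching, but they fall outside the directive's clock.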