Mandiant discovered a vulnerability that impacts the Microsoft Windows operating system, allowing an attacker elevate privileges from a non-privileged user to SYSTEM by abusing a weakness in the Windows Print Spooler service.
Very High - An attacker can abuse this vulnerability to elevate privileges on the local system.
Medium - An attacker needs local access to the target system as a low-privileged user.
CVE-2022-22717
An attacker can abuse the AddPrinter and SetPrinterDataEx Windows API calls to coerce the Spooler service into creating an arbitrary directory.
The resulting directory will allow low-privileged users to create new files and folders, leading to a privilege escalation vulnerability in the Windows Error Reporting service, previously described by Jonas Lyk [3].
This vulnerability is similar to CVE-2021-38671, CVE-2021-34483, CVE-2021-26878, and the research presented by Victor Mata [2] (CVE-2020-1030).
This issue was fixed as part of the February 2022 security update [1].
Thibault Van Geluwe de Berlaere, Mandiant
- 05/10/2021: Vulnerability submitted to MSRC and case opened
- 19/10/2021: Issue confirmed by Microsoft
- 08/02/2022: Patch released and CVE assigned