Vulnerability Management, Threat Intelligence, Patch/Configuration Management

Updated CISA exploited vulnerabilities catalog includes Windows print spooler bug

Attacks by Russian threat operation APT28, also known as Fancy Bear, Strontium, and Forest Blizzard, that used the GooseEgg malware to exploit the Windows print spooler flaw tracked as CVE-2022-38028 have prompted the Cybersecurity and Infrastructure Security Agency to add the flaw to its Known Exploited Vulnerabilities catalog, Security Affairs reports.

Patches for the flaw, which Microsoft issued in October 2022, should be implemented by federal agencies by May 14, according to CISA.

Organizations in various sectors across North America, Western Europe, and Ukraine had their systems infiltrated and sensitive data and credentials exfiltrated in attacks exploiting CVE-2022-38028, which are believed to have been conducted since at least June 2020, a report from Microsoft revealed. According to the report, the GooseEgg tool modifies and executes a JavaScript constraints file to facilitate a wide range of post-exploitation activities, including backdoor deployment, remote code execution, and lateral network movement.