Security News > 2022 > April > CISA warns of attackers now exploiting Windows Print Spooler bug
The Cybersecurity and Infrastructure Security Agency has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler.
Redmond patched several other Windows Print Spooler bugs in the last 12 months, including the critical PrintNightmare remote code execution vulnerability.
After technical details and a proof-of-concept exploit for PrintNightmare were accidentally leaked, CISA warned admins to disable the Windows Print Spooler service on Domain Controllers and systems not used for printing to block potentially incoming attacks.
Last week, CISA added another privilege escalation bug in the Windows Common Log File System Driver to the list of flaws exploited in the wild, a bug reported by CrowdStrike and the US National Security Agency and patched by Microsoft during this month's Patch Tuesday.
Even though this directive only applies to US federal agencies, CISA also strongly urges all US organizations to fix this Windows Print Spooler elevation of privilege bug to thwart attempts to escalate privileges on their Windows systems.
Since the BOD 22-01 binding directive was issued, CISA has added hundreds of security bugs to its list of actively exploited vulnerabilities, ordering US federal agencies to patch them as soon as possible to prevent breaches.