CVE-2022-29104 Windows Print Spooler Elevation of Privilege Vulnerability

The on-disk spooler is a service that keeps printer queues and printer logs and manages printing activity. It can be exploited to execute code in the context of the SYSTEM user. To exploit the vulnerability, an attacker must send a specially-crafted print job or host a specially-crafted website, and the victim must open the job or visit the website.

An attacker can host a specially-crafted website that is designed to allow a user to open the malicious job. An attacker can also send a specially-crafted print job via a malicious print server and a vulnerable client. An attacker may also send a specially-crafted print job via a malicious print server and a legitimate client.

Exploiting the vulnerability requires social engineering, such as sending a malicious email attachment or placing a malicious link in an email.

An attacker can also host a malicious website on a compromised hosting server and trick a user into visiting the website by tricking the user into clicking on a link in a malicious email.

Impact of Vulnerability:

An attacker can exploit this vulnerability to elevate their privileges or execute code in the context of SYSTEM.

Solution:

Update to the latest version of Windows.

Risk factor:

Critical / CVSS: 10/10

Complex / CVSS: 10/10

END Microsoft has released software updates to address this issue. Go to Windows Update and update your software.

Microsoft Edge CVE Information

An attacker could exploit this vulnerability by convincing a user to visit a website or open an email attachment.
Windows 10 does not automatically download update KB4100403 for Microsoft Edge. To manually install the update, use the following instruction:
This update is available from Windows Update and you can use Device Manager in Windows to see if it has been downloaded.

END

Exploiting the vulnerability requires social engineering, such as sending a malicious email attachment or placing a malicious link in an email.

Microsoft Office Vulnerabilities

The following vulnerabilities have been identified in Microsoft Office:

CVE-2019-0295 - Buffer Overflow Vulnerability in Word Processing Component Could Allow Remote Code Execution

CVE-2019-0296 - Buffer Overflow Vulnerability in Excel Component Could Allow Remote Code Execution

CVE-2019-0297 - Information Disclosure Vulnerability in Word Processing Component Could Allow Elevation of Privilege

CVE-2019-0298 - Information Disclosure Vulnerability in Excel Component Could Allow Elevation of Privilege

Microsoft Office Software

: 1) Microsoft Word
Microsoft Word, released in 1983 and originally known as Multi-Tool Word, is a word processor developed by Microsoft. Along with other Microsoft Office software, it is one of the most widely used suites of office productivity software. It was initially positioned as an alternative to popular word processors such as Aldus Pagemaker and Quattro Pro for Windows 3.1x and then later Windows 95 (in addition to its native Mac versions), but eventually became the dominant word processor on both platforms.

Microsoft Windows 10 April 2018 Update

Microsoft has released software updates to address this issue. Go to Windows Update and update your software.

Microsoft Edge Information Disclosure Vulnerability

A Microsoft Edge Information Disclosure Vulnerability has been discovered that can be exploited to allow attackers to gain access to sensitive information. When visiting a malicious webpage, an attacker can exploit this vulnerability to obtain sensitive information; including personally identifiable information (PII) and logon credentials.

This is a remote code execution vulnerability which means attackers could exploit this vulnerability and potentially take control of the targeted computer with full privileges. To exploit this vulnerability, an attacker must convince the victim to visit a malicious website.

Solution:

Update your software to the latest version.

Timeline

Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/20/2022 18:53:00 UTC

References