Windows Print Spooler Elevation of Privilege Vulnerability - 20240423002

Overview

Microsoft Threat Intelligence has identified a custom tool used by Forest Blizzard (STRONTIUM) refered to as GooseEgg, which is used to elevate privileges and peform credential theft on compromised networks.

What is vulnerable?

CVE	Severity	CVSS	Product(s) Affected	Summary	Dated
CVE-2022-38028	High	7.8	Multiple Microsoft Windows Products listed here	Successful exploitation of this vulnerability could lead to gaining SYSTEM privileges.	20th December, 2023

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• Download Windows Security Update

Additional References

• CVE-2022-38028 | Tenable®
• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)
• NVD - CVE-2022-38028 (nist.gov)
• Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials | Microsoft Security Blog