PT-2022-5458 · Microsoft · Windows 10+2

Published: 2022-10-11 · Updated: 2026-06-12 · CVE-2022-38028

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows 10 versions prior to 10.0.10240.19507
Microsoft Windows 10 versions prior to 10.0.14393.5427
Microsoft Windows 10 versions prior to 10.0.17763.3532
Microsoft Windows 10 versions prior to 10.0.19042.2130
Microsoft Windows 10 versions prior to 10.0.19043.2130

Description

The vulnerability is related to the Windows Print Spooler service and is associated with insufficient access restrictions. It allows attackers to elevate their privileges within the system. The issue has been exploited by the Russian hacking group Forest Blizzard, also known as APT28, using a custom tool called GooseEgg. This tool has been used to target organizations in Ukraine, Western Europe, and North America. The vulnerability has been used in conjunction with other exploits to gain system privileges. There have been reports of real-world incidents where this issue was exploited, including a case where attackers used the vulnerability to compromise a company's computer and steal credentials.

Recommendations

For Microsoft Windows 10 versions prior to 10.0.10240.19507, update to a version that contains the fix for this vulnerability.
For Microsoft Windows 10 versions prior to 10.0.14393.5427, update to a version that contains the fix for this vulnerability.
For Microsoft Windows 10 versions prior to 10.0.17763.3532, update to a version that contains the fix for this vulnerability.
For Microsoft Windows 10 versions prior to 10.0.19042.2130, update to a version that contains the fix for this vulnerability.
For Microsoft Windows 10 versions prior to 10.0.19043.2130, update to a version that contains the fix for this vulnerability.

As a temporary workaround, consider disabling the Windows Print Spooler service to minimize the risk of exploitation.
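An added example, not part of the original advisory or any vendor tooling: a PowerShell check that compares the local Windows build against the fixed builds listed above and reports whether the Print Spooler workaround is in place. The function name `Test-SpoolerPatchLevel` and the output field names are hypothetical; builds not listed on this page are reported as `NotListed` rather than guessed.

```powershell
# Fixed builds as listed in this advisory: branch build number -> first fixed revision (UBR).
$FixedRevision = @{
    10240 = 19507
    14393 = 5427
    17763 = 3532
    19042 = 2130
    19043 = 2130
}

# Hypothetical helper: classify a build/revision pair against the table above.
function Test-SpoolerPatchLevel {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Revision
    )
    if (-not $FixedRevision.ContainsKey($Build)) { return 'NotListed' }
    if ($Revision -lt $FixedRevision[$Build])    { return 'Vulnerable' }
    return 'Fixed'
}

# Read the local build and update revision from the registry.
$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR

# Query the Print Spooler service; $svc is $null if the service is absent.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    OsVersion         = '10.0.{0}.{1}' -f $build, $ubr
    PatchStatus       = Test-SpoolerPatchLevel -Build $build -Revision $ubr
    SpoolerState      = if ($svc) { $svc.State } else { 'NotInstalled' }
    SpoolerStartMode  = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
    # Workaround counts as applied only if the service is stopped AND cannot auto-start.
    WorkaroundApplied = [bool]($svc -and $svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled')
}

# To apply the temporary workaround from an elevated session:
# Stop-Service -Name Spooler -Force
# Set-Service  -Name Spooler -StartupType Disabled
```

Disabling the spooler stops printing on the host, so the workaround suits systems that do not need to print until the update is installed.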

Fix

Weakness Enumeration

Related Identifiers

BDU:2022-06785
CVE-2022-38028

Affected Products

Windows
Windows 10
Windows Print Spooler