Feb 2022: Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-21999 Published on February 9, 2022
Windows Print Spooler Elevation of Privilege Vulnerability
Known Exploited Vulnerability
This Microsoft Windows Print Spooler Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
The following remediation steps are recommended / required by April 15, 2022: Apply updates per vendor instructions.
Weakness Types
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2022-21999 has been classified to as a Directory traversal vulnerability or weakness.
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2022-21999 has been classified to as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2022-21999
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-21999 are published in these products:
Affected Versions
Microsoft Windows 10 Version 1809:- Version 10.0.17763.0 and below 10.0.17763.2565 is affected.
- Version 10.0.0 and below 10.0.17763.2565 is affected.
- Version 10.0.17763.0 and below 10.0.17763.2565 is affected.
- Version 10.0.17763.0 and below 10.0.17763.2565 is affected.
- Version 10.0.0 and below 10.0.18363.2094 is affected.
- Version 10.0.0 and below 10.0.19043.1526 is affected.
- Version 10.0.20348.0 and below 10.0.20348.524 is affected.
- Version 10.0.0 and below 10.0.19042.1526 is affected.
- Version 10.0.0 and below 10.0.19042.1526 is affected.
- Version 10.0.0 and below 10.0.22000.493 is affected.
- Version 10.0.19043.0 and below 10.0.19044.1526 is affected.
- Version 10.0.10240.0 and below 10.0.10240.19204 is affected.
- Version 10.0.14393.0 and below 10.0.14393.4946 is affected.
- Version 10.0.14393.0 and below 10.0.14393.4946 is affected.
- Version 10.0.14393.0 and below 10.0.14393.4946 is affected.
- Version 6.1.0 and below 6.1.7601.25860 is affected.
- Version 6.1.0 and below 6.1.7601.25860 is affected.
- Version 6.3.0 and below 6.3.9600.20269 is affected.
- Version 6.0.6003.0 and below 6.0.6003.21374 is affected.
- Version 6.0.6003.0 and below 6.0.6003.21374 is affected.
- Version 6.0.6003.0 and below 6.0.6003.21374 is affected.
- Version 6.1.7601.0 and below 6.1.7601.25860 is affected.
- Version 6.1.7601.0 and below 6.1.7601.25860 is affected.
- Version 6.2.9200.0 and below 6.2.9200.23605 is affected.
- Version 6.2.9200.0 and below 6.2.9200.23605 is affected.
- Version 6.3.9600.0 and below 6.3.9600.20269 is affected.
- Version 6.3.9600.0 and below 6.3.9600.20269 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.