CVE-2022-38028

HIGH
2022-10-11 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 26, 2026 - 11:19 vuln.today
Added to CISA KEV
Oct 30, 2025 - 19:37 cisa
CISA KEV
Patch Released
Oct 30, 2025 - 19:37 nvd
Patch available
CVE Published
Oct 11, 2022 - 19:15 nvd
HIGH 7.8

Tags

Windows

Description

Windows Print Spooler Elevation of Privilege Vulnerability

Analysis

Windows Print Spooler allows local privilege escalation that was exploited by the Russian GRU's 'Forest Blizzard' (APT28) group using a custom tool called 'GooseEgg' for credential theft and lateral movement in government networks.

Technical Context

The Print Spooler vulnerability allows a local attacker to escalate privileges through crafted interactions with the printer driver installation process. APT28's GooseEgg tool automates exploitation and post-exploitation credential extraction.

Affected Products

['Microsoft Windows (Print Spooler component)']

Remediation

Apply Microsoft security update. Disable the Print Spooler service on systems that don't require printing. Monitor for GooseEgg indicators of compromise. Implement credential guard to protect LSASS.

Priority Score

104
Low Medium High Critical
KEV: +50
EPSS: +5.0
CVSS: +39
POC: 0

Share

CVE-2022-38028 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy