CVE-2022-35755

7.3 HIGH

📋 TL;DR

This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Print Spooler service is running. Attackers need local access to the system to exploit this vulnerability.

💻 Affected Systems

Products:
  • Windows
Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with Print Spooler service enabled (default on most Windows installations).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with SYSTEM privileges, enabling installation of malware, data theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security controls, install persistent backdoors, and access sensitive system resources.

🟢 If Mitigated

Limited impact if proper access controls and monitoring are in place, though privilege escalation remains possible.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over the internet.
🏢 Internal Only: HIGH - Significant risk in internal networks where attackers can gain initial access through other means.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. Proof-of-concept code has been publicly released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2022 security updates (KB5012170 for Windows 10, KB5012178 for Windows 11, etc.)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35755

Restart Required: Yes

Instructions:

1. Apply the August 2022 Windows security updates from Microsoft Update.
2. Restart the system to complete installation.
3. Verify the update is installed via Windows Update history.

🔧 Temporary Workarounds

Disable Print Spooler Service

windows

Stops the vulnerable service from running, preventing exploitation but disabling printing functionality.

sc stop spooler
sc config spooler start= disabled

Restrict Spooler Service Access

windows

Configure permissions to limit who can interact with the Print Spooler service. The PowerShell command below sets the service's startup type to Disabled.

Set-Service -Name Spooler -StartupType Disabled

🧯 If You Can't Patch

  • Disable the Print Spooler service on non-essential systems
  • Implement strict access controls and monitoring for Print Spooler service activities

🔍 How to Verify

Check if Vulnerable:

Check whether the August 2022 security updates are installed, via Windows Update or the 'systeminfo' command.

Check Version:

wmic qfe list | findstr KB5012170

Replace KB5012170 with the KB number appropriate to the system.

Verify Fix Applied:

Verify KB5012170 (Windows 10) or KB5012178 (Windows 11) is installed in Windows Update history.

📡 Detection & Monitoring

Log Indicators:

  • Event ID 7036 for Print Spooler service stops/starts
  • Unusual process creation from spoolsv.exe
  • Privilege escalation attempts

Network Indicators:

  • Unusual RPC calls to Print Spooler service
  • SMB traffic to print shares

SIEM Query:

EventID=7036 AND ServiceName="Spooler" AND (State="stopped" OR State="started")
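
An added example (not from this advisory or from Microsoft) that applies the log indicators above to constructed events: it flags children of spoolsv.exe that fall outside a baseline and marks those that follow a Print Spooler state change (Event ID 7036) on the same host within a time window. The event schema, field names, allowlist and 60-second window are assumptions.

```python
import ntpath
from datetime import datetime

# Assumed baseline of child images expected under spoolsv.exe; build the
# real list from your own telemetry before alerting on it.
ALLOWED_CHILDREN = {"werfault.exe"}

# Constructed sample events in a simplified, normalized schema (assumption):
# id 7036 = service state change, id 1 = Sysmon-style process creation.
SAMPLE_EVENTS = [
    {"id": 7036, "host": "ws01", "time": "2022-08-10T09:00:01",
     "service": "Print Spooler", "state": "stopped"},
    {"id": 7036, "host": "ws01", "time": "2022-08-10T09:00:04",
     "service": "Print Spooler", "state": "running"},
    {"id": 1, "host": "ws01", "time": "2022-08-10T09:00:06",
     "parent": r"C:\Windows\System32\spoolsv.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"id": 1, "host": "ws02", "time": "2022-08-10T10:12:00",
     "parent": r"C:\Windows\System32\spoolsv.exe",
     "image": r"C:\Windows\System32\WerFault.exe"},
    {"id": 1, "host": "ws02", "time": "2022-08-10T10:15:00",
     "parent": r"C:\Windows\System32\spoolsv.exe",
     "image": r"C:\Windows\System32\rundll32.exe"},
    {"id": 1, "host": "ws02", "time": "2022-08-10T10:16:00",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
]

def _name(path):
    return ntpath.basename(path).lower()

def triage(events, window_s=60):
    """Return (host, child image, near_state_change) for each non-baseline
    child of spoolsv.exe; near_state_change is True within window_s of a 7036."""
    changes = {}  # host -> timestamps of Print Spooler 7036 events
    for ev in events:
        if ev["id"] == 7036 and ev["service"].lower() == "print spooler":
            changes.setdefault(ev["host"], []).append(
                datetime.fromisoformat(ev["time"]))
    findings = []
    for ev in events:
        if (ev["id"] != 1 or _name(ev["parent"]) != "spoolsv.exe"
                or _name(ev["image"]) in ALLOWED_CHILDREN):
            continue
        t = datetime.fromisoformat(ev["time"])
        near = any(0 <= (t - c).total_seconds() <= window_s
                   for c in changes.get(ev["host"], []))
        findings.append((ev["host"], _name(ev["image"]), near))
    return findings
```

Findings with the third field set to True combine two of the listed indicators on one host and are the ones to review first.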
