CVE-2022-21999
HIGH KEV RANSOMWAREWindows Print Spooler - Privilege Escalation
Title source: llmExploitation Summary
CVE-2022-21999 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022, with confirmed use in ransomware campaigns.
EIP tracks 2 public exploits from researchers including ly4k, Oliver Lyak, Shelby Pace, including a Metasploit module exploits/windows/local/cve_2022_21999_spoolfool_privesc.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2022-21999, a Windows Print Spooler Elevation of Privilege vulnerability. The exploit leverages a DLL to create a new local administrator account and add it to the administrators group.
Description
Windows Print Spooler Elevation of Privilege Vulnerability
Exploits (2)
This repository contains a functional exploit for CVE-2022-21999, a Windows Print Spooler Elevation of Privilege vulnerability. The exploit leverages a DLL to create a new local administrator account and add it to the administrators group.
This Metasploit module exploits CVE-2022-21999 (SpoolFool) to achieve local privilege escalation by manipulating the Windows Print Spooler's SpoolDirectory configuration via SetPrinterDataEx, leading to arbitrary DLL loading and SYSTEM-level code execution.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H