CVE-2022-30206

HIGH

Windows Print Spooler - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-30206. PoCs published by MagicPwnrin, Malwareman007.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-30206, targeting a vulnerability in the Windows Print Spooler service. The code includes utilities for file operations, directory object manipulation, and privilege escalation techniques.

Description

Windows Print Spooler Elevation of Privilege Vulnerability

Exploits (3)

nomisec WORKING POC 76 stars

by MagicPwnrin · poc

https://github.com/MagicPwnrin/CVE-2022-30206

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2022-30206, targeting a vulnerability in the Windows Print Spooler service. The code includes utilities for file operations, directory object manipulation, and privilege escalation techniques.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows Print Spooler

No auth needed

Prerequisites: Access to a vulnerable Windows system with the Print Spooler service running

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 15 stars

by Malwareman007 · poc

https://github.com/Malwareman007/CVE-2022-30206

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2022-30206, which involves directory object manipulation and oplock abuse in Windows. The code includes utilities for creating and manipulating directory objects, file operations, and oplock handling.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows

Auth required

Prerequisites: Local access to the target system · Administrative privileges to execute certain operations

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/pwnrin/cve-2022-30206

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2022-30206, targeting a Windows privilege escalation vulnerability. The code includes utilities for file operations, directory object manipulation, and oplock handling, which are likely used to exploit the vulnerability.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows (specific version not specified)

No auth needed

Prerequisites: Windows system with vulnerable configuration

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30206

Scores

CVSS v3 7.8

EPSS 0.2609

EPSS Percentile 96.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

Status published

Products (18)

microsoft/windows_10 (2 CPE variants)

microsoft/windows_10 20h2 (3 CPE variants)

microsoft/windows_10 21h1 (3 CPE variants)

microsoft/windows_10 21h2 (3 CPE variants)

microsoft/windows_10 1607 (2 CPE variants)

microsoft/windows_10 1809 (3 CPE variants)

microsoft/windows_11 (2 CPE variants)

microsoft/windows_7 (2 CPE variants)

microsoft/windows_8.1 (2 CPE variants)

microsoft/windows_rt_8.1

... and 8 more

Published Jul 12, 2022

Tracked Since Feb 18, 2026