top of page
Writer's pictureAnup Ghosh

CISA Warns of Russian Exploitation of Windows Print Spooler Bug



The Download

CISA added a two-year old Windows bug to its Known Exploitable Vulnerability (KEV) list, directing Federal agencies to patch the bug within three weeks. The vulnerability, CVE-2022-38028 with CVSS 7.8, has been disclosed since 2022. However, there is now weaponization and active exploitation of the bug by Russian actor APT28 in governmental, non-profit and transportation organizations.


As part of the exploit, threat actor APT 28 drops a tool dubbed GooseEgg to launch other system level applications that can provide remote access.


What You Can Do

Anytime CISA adds a vulnerability to the KEV list, it is a good idea to follow their directive to immediately scan for that vulnerability in your environment and patch. Because this vulnerability is being actively used in exploits, time is of the essence.


To Learn More:


14 views
bottom of page