Windows Print Spooler Exploit: the Path for Threat Actors to Perform 65,000 Cyberattacks

If you’ve lately used Windows Print Spooler, here’s some bad news: you may have been hacked. Between July 2021 and April 2022, threat actors carried out nearly 65,000 cyberattacks through Windows’ Print Spooler application, according to a new analysis from cybersecurity firm Kaspersky. Furthermore, about half of the attacks (31,000) occurred in the first four quarters of 2022.

(…) The number of attacks exploiting numerous vulnerabilities in Windows Print Spooler have risen noticeably over the past four months. While Microsoft regularly releases patches for its Print Spooler, a software that manages the printing process, cybercriminals continue to actively exploit its vulnerabilities giving them the opportunity to distribute and install malicious programs on victims’ computers that can steal stored data. (…) Roughly 31,000 of these hits occurred during the last four months, from January to April. This suggests that vulnerabilities in Windows Print Spooler remain a popular attack route for cybercriminals, which means users need to be aware of any patches and fixes that Microsoft releases.

Source

Most Known Windows Print Spooler Vulnerabilities in Review

You surely remember PrintNightmare associated with vulnerabilities CVE-2021-1675 and CVE-2021-34527. Long story short, PrintNightmare was discovered through an unusual source, as a proof of concept (POC)

Read More: https://heimdalsecurity.com/blog/windows-print-spooler-exploit-the-path-for-threat-actors-to-perform-65000-cyberattacks/