Longstanding Exploit in Microsoft Software Leveraged by Russian Hackers

Key Takeaways:
– Kremlin-backed hackers exploited a Microsoft flaw for roughly four years.
– The vulnerability, CVE-2022-38028, let attackers gain SYSTEM privileges in Windows.
– Microsoft did not indicate that the flaw was under active exploitation when it patched it in October 2022.
– The flaw sits in the Windows print spooler, a component that has hosted significant zero-days before.

Russian Hackers Exploit Flaw in Microsoft Software

In a striking disclosure on Monday, Microsoft revealed that Kremlin-backed hackers have been exploiting a critical flaw in its software for almost four years. The exploit has been used in attacks on a multitude of organizations, delivered through a previously undocumented backdoor.

The Exploit CVE-2022-38028

The flaw, tracked as CVE-2022-38028, allows malicious actors to gain SYSTEM privileges, the highest level of privilege in Windows, when it is combined with a separate exploit. Exploiting it, which is rated 7.8 out of a maximum 10 on the severity scale, requires only low privileges and low attack complexity. The vulnerability is located in the Windows print spooler, the printer management component that has harbored other critical zero-days in the past.

Late Patching Without Disclosure

Microsoft patched the vulnerability in October 2022, at least two years after the Russian hackers began exploiting it. However, the company did not state that the flaw was under active exploitation when the patch was released. As of the time of writing, Microsoft’s advisory still does not mention the real-world targeting of this vulnerability. Windows users often prioritize patch installation based on whether a vulnerability is likely to be exploited in the wild, so that omission matters.

Dropped Ball or Strategy?

Microsoft’s silence about active exploitation at patch time points to either a communication lapse or a deliberate withholding of information. Knowing which threats are active is essential for users to prioritize patch deployment, and such disclosure minimizes potential damage. The lapse is especially concerning given that the flaw was exploited by a capable adversary such as Russian state-backed hackers.

Information from NSA

Notably, Microsoft learned of the vulnerability through information from the US National Security Agency. While the company has yet to say whether the NSA was the first to find the flaw, the agency’s tip-off led to the patch.

A History of Zero-Days

The vulnerability’s presence in the Windows print spooler brings back unpleasant memories of previous zero-day exploits and underlines the deep-rooted problems with this component, which handles print jobs in the system. The print spooler has been a recurring source of exploitable bugs for Microsoft.

Addressing the Threat

The current predicament highlights the need for Microsoft to strengthen its systems against such vulnerabilities. The company must prioritize patching flaws and informing users about active threats. Users, for their part, should remain vigilant and install patches as soon as they are released.
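As an added example that is not part of the original article, the following PowerShell triage check lets a defender see at a glance whether a Windows host still runs the Print Spooler service and whether any update has been installed since Microsoft’s October 2022 fix. The 2022-10-11 cutoff (assumed here to be the October 2022 Patch Tuesday) and the use of the newest installed hotfix date as a proxy for patch currency are assumptions of this example, not facts from the article.

```powershell
# Added triage check (not from the article): flag hosts where the Print Spooler
# is running and no update has been installed since the October 2022 patch cycle
# in which Microsoft fixed CVE-2022-38028.
# Assumptions: run locally with administrative rights; 2022-10-11 is taken to be
# the October 2022 Patch Tuesday (an assumption of this example).
function Test-SpoolerPatchState {
    param([datetime]$PatchCutoff = (Get-Date '2022-10-11'))

    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $spoolerRunning = [bool]($spooler -and $spooler.Status -eq 'Running')

    # Get-HotFix lists installed updates; the newest InstalledOn date is a rough
    # signal of how current the host is. It can miss some update types, so a hit
    # means "review this host", not proof that it is unpatched.
    $newest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    $patchedAfterCutoff = [bool]($newest -and ($newest.InstalledOn -ge $PatchCutoff))

    [pscustomobject]@{
        Host              = $env:COMPUTERNAME
        SpoolerRunning    = $spoolerRunning
        NewestUpdate      = if ($newest) { $newest.HotFixID } else { 'none found' }
        NewestInstalledOn = if ($newest) { $newest.InstalledOn.ToString('yyyy-MM-dd') } else { 'n/a' }
        # Review hosts that expose the spooler and show no post-cutoff update.
        NeedsReview       = $spoolerRunning -and -not $patchedAfterCutoff
    }
}

Test-SpoolerPatchState | Format-List
```

Run it across a fleet (for example via `Invoke-Command`) to build a list of hosts worth a closer look; a `NeedsReview` of `True` is a prompt to verify the installed update level against Microsoft’s advisory, not a finding on its own.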

In conclusion, the recent revelation sheds light on the present and potential threats that Windows users face from such attacks. With hackers finding new ways to infiltrate systems, it is critical for companies like Microsoft to stay one step ahead in the fight against cybercrime. As more of daily life moves online, ensuring software security becomes all the more crucial.
