The security hole, tracked as CVE-2022-22718, was fixed by Microsoft with its February 2022 Patch Tuesday updates. It was one of the four Print Spooler issues addressed at the time.
According to Microsoft, CVE-2022-22718 can be exploited by a local attacker to escalate privileges, without the need for any user interaction.
CISA on Tuesday added the vulnerability to its Known Exploited Vulnerabilities Catalog, which currently tracks nearly 650 exploited flaws. Federal agencies have been given until May 10 to address this security hole, but CISA advises all organizations to prioritize the patching of the vulnerabilities included in this catalog, referred to by some as a “Must Patch” list.