15 matches found
Announcing Metasploit 6.2
Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes. Since Metasploit 6.1.0 August 2021 until the latest Metasploit 6.2.0 release we’ve added: 138 new modules 148 enhancements and features 156 bug fixes Top modules Each...
Metasploit Weekly Wrap-Up
CVE-2022-21999 - SpoolFool Our very own Shelby Pace has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 10.0 Build...
CVE-2022-21999 SpoolFool Privesc
The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to achieve code execution as SYSTEM. The SpoolDirectory, a configuration setting that holds the path that a printer's spooled jobs are sent to, is writable for all users, and it can be configured via...
Windows SpoolFool Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2022-21999 SpoolFool Privesc', 'Description' = %q The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to...
CVE-2022-21999
Windows Print Spooler Elevation of Privilege Vulnerability...
CVE-2022-21999
Technical details about CVE-2022-21999 are not publicly provided in the supplied connected documents. Based on the materials, we cannot specify affected software, root cause, or remediation. Monitor for updates from official advisories and vendor disclosures.
CVE-2022-21999 Windows Print Spooler Elevation of Privilege Vulnerability
...
CVE-2022-21999
creationtimestamp| type| source ---|---|--- 2022-02-09 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=736 2022-03-16 13:56:13+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve202221999spoolfoolprivesc.rb 2022-03-25...
KLA12458 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability ...
KB5010351: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2022)
The remote Windows host is missing security update 5010351. It is, therefore, affected by multiple vulnerabilities %NASLMINLEVEL 70300 C Tenable, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid157432; scriptversion"1.17";...
KB5010422: Windows 7 and Windows Server 2008 R2 Security Update (February 2022)
The remote Windows host is missing security update 5010422. It is, therefore, affected by multiple vulnerabilities - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2022-21998 - A denial of service DoS vulnerability. An...
KB5010403: Windows Server 2008 Security Update (February 2022)
The remote Windows host is missing security update 5010403. It is, therefore, affected by multiple vulnerabilities - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2022-21993, CVE-2022-21998 - A denial of service DoS...
KB5010392: Windows Server 2012 Security Update (February 2022)
The remote Windows host is missing security update 5010412. It is, therefore, affected by multiple vulnerabilities - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2022-21993, CVE-2022-21998 - A denial of service DoS...
KB5010345: Windows 10 version 1909 Security Update (February 2022)
The remote Windows host is missing security update 5010345. It is, therefore, affected by multiple vulnerabilities - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2022-21993, CVE-2022-21998 - A denial of service DoS...
KB5010358: Windows 10 LTS 1507 Security Update (February 2022)
The remote Windows host is missing security update 5010358. It is, therefore, affected by multiple vulnerabilities - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2022-21993, CVE-2022-21998 - A denial of service DoS...