Intel Name: Forest blizzard apt – javascript constrained file creation
Date of Scan: March 6, 2025
Impact: Medium
Summary: Monitors the creation of JavaScript files within the DriverStore directory. Forest Blizzard exploited the CVE-2022-38028 vulnerability in the Windows Print Spooler service by altering a JavaScript constraints file and executing it with SYSTEM-level privileges.
