Researchers Alex Ionesku and Yarden Shafir have
published details about a vulnerability found in Windows printing service. Codenamed
PrintDemon, this vulnerability impacts all Windows versions released from 1996.
According to the report this bug can’t be
used to break into Windows through the internet, so it not something that can
be exploited to hack Windows.
PrintDemon is a “local privilege escalation”
(LPE) vulnerability and can be used to escalate user-mode privilege to
administrator level.
Because Print Spooler is designed to be available
for any running application that wants to print a file, it doesn’t have any
restrictions. The attacker can create a print task to print to a file such as print
local DLL used by the app or OS. When printing task is started, attacker can
crash the Print Spooler, let the task resume but this time printing is running
with system privileges. That allows attackers to overwrite any file on the OS
or app.
Patches for PrintDemon released as part of
Microsoft May 2020 Patch Tuesday (CVE-2020-1048).
No comments:
Post a Comment