PrintDemon – patch this ancient Windows printer bug!

2020-05-14 16:18

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system.

What the researchers discovered, very greatly simplified, is that with some simple PowerShell commands, any user can setup a new printer device on Windows, provided that there's already a low-level driver program installed to support the destination printer.

By combining the built-in printer driver called Generic / Text Only with a local printer spoolfile for temporary output, anyone can set up a "New" printer with any name they like.

Will set up a printer called MyPrinter, and pretty much whatever you print to it will end up sitting around, until you print something else, in the intermediate file called spoolfilename.

In particular, we couldn't figure out how to use just one line of PowerShell to control exactly what would get printed to the rogue spoolfile, so we couldn't write any content that came out as a legal Windows executable.

News URL

https://nakedsecurity.sophos.com/2020/05/14/printdemon-patch-this-ancient-windows-printer-bug/

#patch #windows