Security News > 2020 > August > Researchers flag two zero-days in Windows Print Spooler

Researchers flag two zero-days in Windows Print Spooler
2020-08-07 12:31

In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach Labs.

"The primary component of the printing interface is the print spooler. The print spooler is an executable file that manages the printing process. Management of printing involves retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, scheduling the print job for printing, and so on. The spooler is loaded at system startup and continues to run until the operating system is shut down," Microsoft explains.

"The Print Spooler code is at least 20 years old. In general, older code tends to contain old bugs and might be more risky because of security flaws but there were only few discovered vulnerabilities in the spooler service during the last 20+ years," Hadar told Help Net Security.

The newly discovered Windows Print Spooler zero-days.

They've also made available an SHD file template for the 010 hex editor, to help other researchers start their own research on the Print Spooler mechanism.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/--fKQxxPf9g/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-1048 Incorrect Resource Transfer Between Spheres vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-669
7.8