Security News > 2021 > July > Defcon Talk Prompts New Windows Print Spooler Flaw Warning

Defcon Talk Prompts New Windows Print Spooler Flaw Warning
2021-07-16 17:52

Microsoft's problems with security defects in the Windows Print Spooler utility are getting worse by the week.

After spending the last two months pushing out multiple Print Spooler fixes, Redmond's security response team late Thursday acknowledged a new, unpatched bug that exposes Windows users to privilege escalation attacks.

There is no patch available and Microsoft says the only workaround is for Windows users to stop and disable the Print Spooler service.

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.

In a talk titled Bring Your Own Print Driver Vulnerability, Baines is scheduled to talk about how to introduce vulnerable Windows print drivers to a fully patched system.

What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you'll learn how to introduce vulnerable print drivers to a fully patched system.


News URL

http://feedproxy.google.com/~r/securityweek/~3/zQPxiFT0DwE/defcon-talk-prompts-new-windows-print-spooler-flaw-warning