There are new unpatched bugs in Windows Print Spooler

2021-07-19 09:59

Security researchers have unearthed new elevation of privilege bugs in Windows Print Spooler, one of the oldest Windows components.

Scarce details have been shared about the first one, aside from the note that it "Exists when the Windows Print Spooler service improperly performs privileged file operations," and can be exploited by an attacker to elevate privilege to SYSTEM level.

The other is a signature-check bypass that also allows EoP, by exploiting certain aspects of the Point and Print capability that allows non-admin users to install printer drivers.

What we know about these Windows Print Spooler bugs?

Until a security update is provided, the company advises enterprise admins to stop and disable the Print Spooler service - if possible.

CERT/CC's Will Dorman has helpfully explained the root of the vulnerability and delineated possible temporary workarounds: blocking outbound SMB traffic at the network boundary and configuring the "Package Point and Print - Approved servers" Group Policy to prevent installation of printers from arbitrary servers.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ALYgg6JcdTs/

#windows