Security News > 2021 > July > Public print server gives anyone Windows admin privileges

Public print server gives anyone Windows admin privileges
2021-07-31 18:23

A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver.

In June, a security researcher accidentally revealed a zero-day Windows print spooler vulnerability known as PrintNightmare that allowed remote code execution and elevation of privileges.

Researchers have continued to devise new ways to exploit the vulnerability, with one researcher creating an Internet-accessible print server allowing anyone to open a command prompt with administrative privileges.

As some people did not believe his initial print driver could elevate privileges, on Tuesday, Delpy modified the driver to launch a SYSTEM command prompt instead. This new method effectively allows anyone, including threat actors, to get administrative privileges simply by installing the remote print driver.

As anyone can abuse this remote print server on the Internet to get SYSTEM level privileges on a Windows device, Delpy has offered several ways to mitigate the vulnerability.

The best way to prevent a remote server from exploiting this vulnerability is to restrict Point and Print functionality to a list of approved servers using the 'Package Point and print - Approved servers' group policy.


News URL

https://www.bleepingcomputer.com/news/microsoft/public-print-server-gives-anyone-windows-admin-privileges/