Remote print server gives anyone Windows admin privileges on a PC
Security News, July 2021

A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver.
In June, a security researcher accidentally revealed a zero-day Windows print spooler vulnerability known as PrintNightmare that allowed remote code execution and elevation of privileges.
Researchers have continued to devise new ways to exploit the vulnerability, with one researcher creating an Internet-accessible print server allowing anyone to open a command prompt with administrative privileges.
As some people did not believe his initial print driver could elevate privileges, on Tuesday, Delpy modified the driver to launch a SYSTEM command prompt instead. This new method effectively allows anyone, including threat actors, to get administrative privileges simply by installing the remote print driver.
As anyone can abuse this remote print server on the Internet to get SYSTEM level privileges on a Windows device, Delpy has offered several ways to mitigate the vulnerability.
The best way to prevent a remote server from exploiting this vulnerability is to restrict Point and Print functionality to a list of approved servers using the 'Package Point and print - Approved servers' group policy.
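
One way to check whether this mitigation is in place on a machine, as an added example that is not from the article or from the researcher: the PowerShell below reads the registry values the 'Package Point and print - Approved servers' policy writes and reports the approved list. The registry path and value names are assumptions to confirm against Microsoft's policy documentation, and the function name `Get-ApprovedPrintServerPolicy` is hypothetical.

```powershell
# Added example: audit the 'Package Point and print - Approved servers' policy.
# Assumption: the policy is stored under this key; confirm for your Windows build.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'

function Get-ApprovedPrintServerPolicy {
    param([string]$Path = $PolicyKey)

    $enabled = $false
    $servers = @()

    if (Test-Path $Path) {
        # DWORD 1 means the approved-servers restriction is switched on.
        $props   = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
        $enabled = ($props.PackagePointAndPrintServerList -eq 1)

        # Approved server names are stored as string values in a subkey.
        $listKey = Join-Path $Path 'ListofServers'
        if (Test-Path $listKey) {
            $key     = Get-Item -Path $listKey
            $servers = @(
                $key.GetValueNames() |
                    Where-Object { $_ } |
                    ForEach-Object { [string]$key.GetValue($_) } |
                    Where-Object { $_ }
            )
        }
    }

    # Classify the result so it can be collected across a fleet.
    $finding = if (-not $enabled) {
        'NOT RESTRICTED: package Point and Print accepts any print server'
    } elseif ($servers.Count -eq 0) {
        'ENABLED, EMPTY LIST: no print server is approved'
    } else {
        "RESTRICTED: $($servers.Count) approved server(s)"
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        PolicyEnabled   = $enabled
        ApprovedServers = $servers
        Finding         = $finding
    }
}

Get-ApprovedPrintServerPolicy | Format-List
```

Review the `ApprovedServers` output against the print servers your organisation actually operates; an entry you do not recognise deserves the same attention as a missing policy.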