Security News > 2021 > July > Remote print server gives anyone Windows admin privileges on a PC
A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver.
In June, a security researcher accidentally revealed a zero-day Windows print spooler vulnerability known as PrintNightmare that allowed remote code execution and elevation of privileges.
Researchers have continued to devise new ways to exploit the vulnerability, with one researcher creating an Internet-accessible print server allowing anyone to open a command prompt with administrative privileges.
As some people did not believe his initial print driver could elevate privileges, on Tuesday, Delpy modified the driver to launch a SYSTEM command prompt instead. This new method effectively allows anyone, including threat actors, to get administrative privileges simply by installing the remote print driver.
As anyone can abuse this remote print server on the Internet to get SYSTEM level privileges on a Windows device, Delpy has offered several ways to mitigate the vulnerability.
The best way to prevent a remote server from exploiting this vulnerability is to restrict Point and Print functionality to a list of approved servers using the 'Package Point and print - Approved servers' group policy.
News URL
Related news
- New Windows Server updates cause domain controller crashes, reboots (source)
- Microsoft confirms Windows Server issue behind domain controller crashes (source)
- Microsoft releases emergency fix for Windows Server crashes (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft: Copilot ‘app’ on Windows Server mistakenly added by Edge (source)