Serviceteam IT Security News
Another vulnerability in the same Windows component was abused by Stuxnet a decade ago

A vulnerability in a decades-old Windows component that controls printing on machines running the operating system could be abused by malicious actors to gain elevated privileges on the targeted system, according to security researchers Yarden Shafir and Alex Ionescu.

The flaw, which they dubbed PrintDemon, resides in Windows Print Spooler and affects all Windows versions since Windows NT 4.0, released in 1996. The component has remained largely unchanged since then; another vulnerability affecting it was abused by the infamous Stuxnet a decade ago.

“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” said Microsoft. Windows 7, 8.1, 10, and Windows Server 2008, 2012, 2016, and 2019 all contained the vulnerability.

Indexed as CVE-2020-1048, the flaw cannot, however, be abused remotely. Microsoft deemed its exploitation not particularly likely and said that an attacker would need to log on to an affected system and use a specially written script or application. The vulnerability can be abused to elevate privileges, bypass endpoint detection and response rules, and gain persistence.

Peleg Hadar and Tomer Bar from SafeBreach Labs have been credited with the discovery of the flaw.

As part of this month’s Patch Tuesday, which plugged a total of 111 security holes, Microsoft changed how the Windows Print Spooler component writes data to the file system. You’re best advised to download and apply the update. No patch is available for systems past end of life, however.
