Researcher Uncover But One other Unpatched Home windows Printer Spooler Vulnerability


windows printer spooler vulnerability

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability within the Home windows Print Spooler service, probably one more zero-day flaw in the identical part has come to gentle, making it the fourth printer-related flaw to be found in current weeks.

“Microsoft Home windows permits for non-admin customers to have the ability to set up printer drivers by way of Level and Print,” CERT Coordination Middle’s Will Dormann said in an advisory revealed Sunday. “Printers put in by way of this method additionally set up queue-specific information, which will be arbitrary libraries to be loaded by the privileged Home windows Print Spooler course of.”

Stack Overflow Teams

An exploit for the vulnerability was disclosed by safety researcher and Mimikatz creator Benjamin Delpy.

Particularly, the flaw permits a risk actor to execute arbitrary code with SYSTEM privileges on a weak Home windows machine by connecting to a malicious print server beneath their management.

Whereas there isn’t a resolution to the issue, CERT/CC recommends configuring “PackagePointAndPrintServerList” to forestall the set up of printers from arbitrary servers and blocking outbound SMB visitors on the community boundary, provided that public exploits for the vulnerability make the most of SMB for connectivity to a malicious shared printer.

Enterprise Password Management

The brand new problem is simply the newest proof of the fallout after the PrintNightmare flaw by chance grew to become public final month, resulting in the invention of a variety of vulnerabilities affecting the Print Spooler service.





Source link