'Printer Catastrophe' Vulnerability Threatens All Versions of Windows

Although Microsoft releases patches for Windows vulnerabilities on a monthly basis, there are still security issues that remain. Recently, the US Cybersecurity and Infrastructure Agency (CISA) reported a critical vulnerability in the Windows Print Spooler system.

This vulnerability allows bad actors to exploit for remote code execution (RCE) and it has been dubbed "Printer disaster". According to the CERT Coordination Center, the problem is that the Windows Print Spooler does not restrict access to the RpcAddPrinterDriverEx() function. As a result, a remote attacker can take advantage of it to execute arbitrary code remotely under system privileges.

'Printer Catastrophe' Vulnerability Threatens All Versions of Windows Picture 1 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows Picture 1

The RpcAddPrinterDriverEx() function is commonly used to install printer drivers remotely. With unrestricted access, an attacker could point to a driver on a remote server, causing the victim machine to execute arbitrary code with system privileges.

Microsoft says it is investigating the vulnerability. The software giant proposes two temporary solutions for IT administrators of organizations and businesses.

The first solution is to disable the Windows Print Spooler service but this will cause printing to be disabled both locally and remotely. The second solution is to disable remote printing via Group Policy. This will limit remote printing, but local printing will still work fine.

Microsoft says the vulnerability appears on all versions of Windows. However, it is not clear whether an attacker can exploit it on all versions of Windows.