'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
Although Microsoft releases patches for Windows vulnerabilities on a monthly basis, there are still security issues that remain. Recently, the US Cybersecurity and Infrastructure Agency (CISA) reported a critical vulnerability in the Windows Print Spooler system.
This vulnerability allows bad actors to exploit for remote code execution (RCE) and it has been dubbed "Printer disaster". According to the CERT Coordination Center, the problem is that the Windows Print Spooler does not restrict access to the RpcAddPrinterDriverEx() function. As a result, a remote attacker can take advantage of it to execute arbitrary code remotely under system privileges.
The RpcAddPrinterDriverEx() function is commonly used to install printer drivers remotely. With unrestricted access, an attacker could point to a driver on a remote server, causing the victim machine to execute arbitrary code with system privileges.
Microsoft says it is investigating the vulnerability. The software giant proposes two temporary solutions for IT administrators of organizations and businesses.
The first solution is to disable the Windows Print Spooler service but this will cause printing to be disabled both locally and remotely. The second solution is to disable remote printing via Group Policy. This will limit remote printing, but local printing will still work fine.
Microsoft says the vulnerability appears on all versions of Windows. However, it is not clear whether an attacker can exploit it on all versions of Windows.
You should read it
- Hundreds of HP printer models contain vulnerabilities that allow remote code execution attacks
- Detect a rare vulnerability that causes problems with the printer on Windows 10
- Detecting an 8-year-old security flaw, affecting 150 HP printer models
- If you hack HP's printer, you will receive $ 10,000
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- GitLab patches critical vulnerability that allows hackers to take control of accounts
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to now
- Steps to fix PrintNightmare vulnerability on Windows 10
- The NSA issued an urgent warning about a critical vulnerability appearing in Windows servers
- Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises
- How to add a printer on Windows 11
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
Maybe you are interested
What is PetitPotam Attack? How to overcome PetitPotam attack The Microsoft MSERT tool can find web shells related to the Exchange Server attack campaign Many encrypted SSDs can be decoded without a password Wsreset tool of Windows 10 Store was used by hackers to bypass anti-virus software The CredSSP vulnerability in the RDP protocol affects all versions of Windows Detects two serious vulnerabilities on uTorrent that can help hackers execute malicious code or view download history on your computer