Hot Potato: This is not the first time that IT managers and users have been notified of a bug in the Windows Print Spooler service. The latest zero-day vulnerability in this Windows service was apparently to be explained at the annual Black Hat security conference; however, security researchers mistakenly released a proof of concept early, and now Microsoft is warning users that the zero-day flaw is being actively exploited in the wild.
Microsoft fixed an RCE vulnerability in its Windows Print Spooler service in June's Patch Tuesday security update, but now another zero-day bug has surfaced that is currently being addressed by the company and has been verified and found to be actively exploited. The US Cybersecurity and Infrastructure Agency (CISA) has described it as a "very important" remote code execution vulnerability, although Microsoft has yet to assign it a score.
Essentially, a function in the Windows Print Spooler service allows a remote authenticated attacker to execute arbitrary code with system privileges. “An attacker can install programs, view, modify or delete data, or create new accounts with full user rights,” Microsoft notes.
System administrators are strongly advised to disable the Windows Print Spooler service on servers, domain controllers and computers not used for printing. Another solution is to disable remote printing via Group Policy if users still want to print locally from a single machine with a directly connected printer.
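The two mitigations above, as an added PowerShell example that is not from the original article or from Microsoft: it reports the Spooler state on the local host and applies either mitigation on request. The function names are hypothetical, and the registry value is assumed to be the one behind the "Allow Print Spooler to accept client connections" Group Policy setting, written locally here for illustration; in a domain, set it through a GPO instead.

```powershell
# Added example; function names are hypothetical. Run elevated on the host itself.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyValue = 'RegisterSpoolerRemoteRpcEndPoint'   # 1 = accept remote clients, 2 = refuse

function Get-SpoolerExposure {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $pol = (Get-ItemProperty -Path $PolicyKey -Name $PolicyValue -ErrorAction SilentlyContinue).$PolicyValue
    $roles = @{ 1 = 'Workstation'; 2 = 'DomainController'; 3 = 'Server' }
    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        Role                  = $roles[[int]$os.ProductType]
        SpoolerState          = $svc.State        # Running / Stopped
        SpoolerStartMode      = $svc.StartMode    # Auto / Manual / Disabled
        RemotePrintingBlocked = ($pol -eq 2)
        # Reachable by remote clients only if the service runs and policy does not refuse them.
        RemotelyReachable     = ($svc.State -eq 'Running' -and $pol -ne 2)
    }
}

function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('DisableService', 'BlockRemotePrinting')]
        [string]$Mode
    )
    if ($Mode -eq 'DisableService') {
        # For servers, domain controllers and computers that never print.
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
            Stop-Service -Name Spooler -Force
            Set-Service -Name Spooler -StartupType Disabled
        }
    } elseif ($PSCmdlet.ShouldProcess($PolicyKey, "Set $PolicyValue = 2")) {
        # Local printing keeps working; remote clients are refused.
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        New-ItemProperty -Path $PolicyKey -Name $PolicyValue -Value 2 -PropertyType DWord -Force | Out-Null
        Restart-Service -Name Spooler -Force   # the setting is read when the service starts
    }
}

Get-SpoolerExposure
# Preview a change without applying it:
# Set-SpoolerMitigation -Mode DisableService -WhatIf
```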
This spooler service bug is also reminiscent of the one discovered in 2016, with Microsoft noting that the latest vulnerability is present in all versions of Windows, although it is not yet clear which versions are exploitable. A fix is said to be currently underway, and Microsoft may release a patch outside of its regular Patch Tuesday schedule.
A critical vulnerability in the Windows Print Spooler service allows remote code execution on computers