PrintDemon vulnerability impacts all Windows versions

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.zdnet.com/article/printdemon-vulnerability-impacts-all-windows-versions/
PrintDemon vulnerability impacts Windows versions released as far back as 1996. Patches available.

Two security researchers have published today details about a vulnerability in the Windows printing service that they say impacts all Windows versions going back to Windows NT 4, released in 1996.
The vulnerability, which they codenamed PrintDemon, is located in Windows Print Spooler, the primary Windows component responsible for managing print operations.

The service can send data to be printed to a USB/parallel port for physically connected printers; to a TCP port for printers residing on a local network or the internet; or to a local file, in the rare event the user wants to save a print job for later.

Trivially exploitable local privilege elevation
In a report published today, security researchers Alex Ionescu & Yarden Shafir said they found a bug in this old component that can be abused to hijack the Printer Spooler internal mechanism.
... ...
Click to expand...
 
  • Like
  • +Reputation
  • Wow
Reactions: Protomartyr, bayasdev, Antus67 and 7 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Wow, that one could be nasty on unpatched machines. It is worth to know that the Microsoft patch does not remove the possible malware if the malware was before the patch. One can check if the system is infected, by looking at the Registry key:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports.
Any ports that have a file path in them — especially ending in an extension such as .DLL or .EXE should be treated with extreme prejudice. "
 
  • Like
  • +Reputation
  • Wow
Reactions: Protomartyr, bayasdev, South Park and 7 others
You must log in or register to reply here.

Similar threads

F
    • Like
    • +Reputation
Security News Windows Kernel bug fixed last month exploited as zero-day since August
Replies
0
Views
1,066
Security News
Freki123
F
silversurfer
    • Like
Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation
Replies
0
Views
967
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • +Reputation
    • Like
    • Applause
Technology A quick look back at Microsoft Pinball that was bundled with some Windows versions
Replies
3
Views
329
Technology News
Rosealbert
R

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top