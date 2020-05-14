Its name is PrintDemon, and if your name gave you the clue, yes, it has to do with printers, or rather with the printing system. It is a vulnerability that affects the printing service in all versions of Windows released in the last 24 years.

This means that all versions of Windows 10 and systems as old as Windows NT 4 are affected. The good news is that Microsoft has already released a patch to fix this bug with his usual Tuesday patches.

The bad one, for those who refuse to update, is that it obviously only applies to supported versions of Windows. Which means that all computers that are still using Windows 7 and have not paid for extraordinary support remain vulnerable to this failure.

Blame it on the print queue

The vulnerability is located in the Windows Print Spooler, a Windows component that has remained practically the same in decades, and which is the responsible for managing printing operations.

If an attacker manages to exploit the vulnerability it could do so with elevated system privileges since Windows Print Spooler can exploit itself to arbitrarily write data to the file system. I mean, doing things like install programs, view, change or delete data, or even create new user accounts with all privileges.

An attacker trying to exploit this flaw can start a print operation, intentionally hang the service, and then let the job resume, but this time the print operation runs with System privileges, allowing it to overwrite any files on anywhere in the operating system.

At least PrintDemon cannot be used to access Windows remotely, is a local elevation of privilege vulnerability. The affected service is used to send data to be printed to physically connected printers through parallel or USB ports, or through TCP ports to printers on the local network.

