A 24 year old vulnerability threatens Windows

It’s rather unusual for us to report a 24-year Windows vulnerability, but the vulnerability found affects all versions of the operating system since Windows NT 4 – and this edition was published in 1996.

A hole called PrintDemon, which was discovered and published by security researchers Alex Ionescu and Yarden Shafi (via ZDNet), is located in the Windows print queue manager. This is the component that is primarily responsible for managing print operations.

A service can perform various operations: it can send data to a USB / parallel port and, therefore, to a physically connected printer. In addition, through it you can access the TCP port to send data to a network printer. The third option is to send the work to a local file so that you can save it for later.

Local privilege escalation

The security researcher has discovered an error that can be used to hack the functionality of the Windows print spooler. Anyone who uses the vulnerability can create a back door that will be permanent. The good news is that you cannot use this space over the Internet. But you need local access to your computer.

Therefore, PrintDemon is a vulnerability called Local Privilege Elevation (LPE). Theoretically, this means that it needs to be activated locally. But as soon as this is done, the attacker will gain wide administrator rights.

You do not need to worry: the vulnerability is released after it is fixed. Users with the current Windows operating system should install the fixes provided the day before yesterday. PrintDemon is also officially known as CVE-2020-1048, and it was addressed yesterday with the fixes.

PrintDemon vulnerability impacts all Windows versions

Two security researchers today published information about a vulnerability in the Windows print service. Which, they said, affects all versions of Windows, starting with Windows NT 4, released in 1996.

The vulnerability they called PrintDemon is located in Windows Print Spooler. The main Windows component is responsible for managing print operations.

The service can send print data to a USB / parallel port for physically connected printers. On the TCP port for printers located on the local network or on the Internet; or to a local file. In rare cases, the user wants to save the print job for later.

In a report released today, security researchers Alex Ionescu & Yarden Shafir said they discovered a bug. In this old component that could be used to crack the internal mechanism of the printer spooler.

This error cannot be used to remotely infiltrate a Windows client via the Internet. Therefore it cannot be used to accidentally hack Windows systems through the Internet.

PrintDemon is what researchers call the Local Elevation of Privilege (LPE) vulnerability. This means that once an attacker has even a tiny foothold in an application or on a Windows machine, even with user-mode privileges. An attacker can execute something as simple as one unprivileged PowerShell command to gain administrator-level privileges for the entire OS.