Microsoft security advisory - new vulnerability in the Windows Print Spooler feature.

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Aug 13, 2021.

  1. Hilbert Hagedoorn
  2. Reddoguk
    I always disable the printer spooler because I never use a printer, so it's a useless use of resources. All those processes for printing should be able to be removed from the install of a fresh copy of Windows.
     
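    For anyone wanting to do the same on their own machines, here is an added PowerShell audit script (not from this thread or from Microsoft) that reports the Spooler state and only stops and disables the service when the host is not sharing any printers, so a box that is actually acting as a print server is left alone. It assumes an elevated session and the built-in PrintManagement module; the -Disable switch name is my own choice.

```powershell
# Added example (not from the thread): audit the Print Spooler service and,
# optionally, stop and disable it when this host is not serving printers.
# Assumes an elevated PowerShell session and the built-in PrintManagement module.
[CmdletBinding()]
param(
    [switch]$Disable   # report-only unless this switch is given
)

$svc     = Get-Service -Name Spooler -ErrorAction Stop
$startup = (Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'").StartMode
Write-Host ("Spooler status: {0}, startup type: {1}" -f $svc.Status, $startup)

# A host that shares printers is a print server; disabling the spooler there breaks
# printing for every client, so that case is reported rather than acted on.
# Get-Printer needs the spooler running; if it is already stopped this returns nothing.
$printers = @(Get-Printer -ErrorAction SilentlyContinue)
$shared   = @($printers | Where-Object { $_.Shared })
Write-Host ("Installed printers: {0}, shared printers: {1}" -f $printers.Count, $shared.Count)
$shared | ForEach-Object { Write-Host ("  shared: {0} (driver: {1})" -f $_.Name, $_.DriverName) }

if (-not $Disable) {
    Write-Host "Report-only mode; re-run with -Disable to stop and disable the service."
    return
}

if ($shared.Count -gt 0) {
    Write-Warning "This host shares printers; leaving the spooler enabled. Patch it instead."
    return
}

if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name Spooler -Force
}
Set-Service -Name Spooler -StartupType Disabled
Write-Host "Spooler stopped and startup type set to Disabled."
```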
  3. Astyanax
    Still requires an exploited system to pull off.
     
  4. Excalibur1814
    You might need to see a therapist for that.
     

  5. Reardan
    It doesn't require an exploited system, it just requires you to have access to a system. Phishing a regular user, even initiating a TeamViewer session with a regular payroll or maintenance or whatever employee, will get you the access you need to take over the entire domain. If you can get logged in via any means as anyone, you can make it happen. It's a big big big flaw.
     
  6. Astyanax
    It requires a trojan-compromised administrator-level account that can add compromised spool drivers.

    A standard user cannot add or remove spool drivers; the only way a standard user is getting a compromised driver is by having a print server up the line serving a compromised driver to client systems.

    This exploit is not browse-by or remotely triggerable without a trojan already permitting privilege escalation.

    PS: once you have physical access to the machine, the accounts mean little.
     
  7. Reardan
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958

    Where do you see that it requires physical access, or a trojan? And it doesn't have to be a compromised print server on the network, it can just be a public facing print server you control.

    I did get my print nightmares mixed up otherwise. This is only local escalation, not domain like before. Aside from that though idk where you got your information.
     
  8. Mineria
    As stated in the article from that link: Local
    If you expand you will see the following:
    Which is pure logic when you have deeper insight into Windows and its service stack, so Astyanax is completely correct with his claims.
     
  9. Reardan
    It literally says "remotely or via user interaction." It does not say physical access is required. Physical access means you need to solder, remove, short, or do something physical to the machine that you can ONLY do when there... It doesn't mean manipulating the keyboard. Guys, come on, what is this?

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17099

    This is an example of an attack requiring PHYSICAL ACCESS; you can see this because the Vector says PHYSICAL. Local and physical are different.
     
  10. tsunami231
    Still don't care; the printer spool service has been disabled for 15+ years and has been turned on maybe 10 times in that time.
     

  11. Astyanax
    Thank you for basically misunderstanding what you've read but confirming it anyway.

    The print server must already be exploited locally, via a trojan or an ignorant user believing a tech support scam, to serve clients a malformed driver allowing access into the clients remotely.
     
  12. Erick
    And yet, they want to release Windows 365? That's stupid. You might want to think twice about using it in a Chrome-built browser.
     
  13. warezme
    Why even comment then?

    In an enterprise environment the print spooler is used for everything from network printing to PDFs, and even Adobe updates rely on the print spooler. Those are obviously going to be the targets, not people like you. In this type of environment just turning off the print spooler is not an acceptable solution.
     
  14. Astyanax
    If your print spooler is exploited, your IT is a moron.

    Please comprehend before responding.

    The print server has to be actively exploited before this attack can be used.
     