A Windows Security Bug Could Allow Hackers To Hijack Your Printer

Windows users have been warned to keep their security protections up to date following the disclosure of a new bug that could affect printing services. Researchers were able to bypass recent fixes to take advantage of a flaw that could allow hackers to take control of a private network after hijacking individual printing devices. The flaw affects Windows Print Spooler, the service that manages the printing process, and grants third parties administrator privileges that could be exploited to run malware.

Printer security

The bug, known as CVE-2020-1048, was discovered by Peleg Hadar and Tomer Bar of SafeBreach Labs, who reported the vulnerability to Microsoft. The computer giant released a fix for the problem in May, but it appears the protection was incomplete.

The researchers found that they were able to exploit CVE-2020-1048 by creating malicious files scanned by Windows Print Spooler, including .SHD (shadow) files, which contain metadata for print jobs such as the system user ID, and .SPL (spool) files, which contain the data to be printed. These files are processed by a function called ProcessShadowJobs, which puts the SHD files in the spool folder when printing begins. However, since Windows Print Spooler runs with SYSTEM privileges and any user can put SHD files in its folder, the researchers were able to modify an SHD file to include a SYSTEM SID, add it to the Spooler folder, and reboot the computer so that Spooler performed the task with the rights of the most privileged account in Windows.

Microsoft now says it will fix the flaw in its next security update, scheduled for August 11, but that means some user systems remain at risk until then with no fixes in sight. However, users may want to delay downloading initial patches from Microsoft, after recent versions did more harm than good: the June 2020 update caused serious problems with printers, shutting down printer functionality altogether, or elements thereof, such as wireless printing failures.

Through a computer on hold
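For defenders, the two conditions described above (any user can place files in the Spooler folder, and shadow files found there are processed after a reboot) can be reviewed with a read-only audit like the following. This is an added example, not code from the article or from SafeBreach Labs; the default spool path `%SystemRoot%\System32\spool\PRINTERS` and the `DefaultSpoolDirectory` registry value are standard Windows locations that the article does not name, and the script assumes an elevated PowerShell session.

```powershell
# Added example (not from the article): read-only audit of the Print Spooler folder.
# Assumption: default spool path and DefaultSpoolDirectory registry value, which are
# standard Windows locations not named in the article. Run from an elevated session.

$defaultDir = Join-Path $env:SystemRoot 'System32\spool\PRINTERS'
$regKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Printers'
$customDir  = (Get-ItemProperty -Path $regKey -ErrorAction SilentlyContinue).DefaultSpoolDirectory
$spoolDir   = if ($customDir) { $customDir } else { $defaultDir }

Write-Output "Spool directory: $spoolDir"

# 1. Who is allowed to create files in the spool folder?
#    Note: ACEs that use generic rights bits are not matched by this filter.
$createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
(Get-Acl -LiteralPath $spoolDir).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $createFiles)
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize

# 2. Which shadow (.SHD) files are waiting to be processed at the next Spooler start?
#    The script only lists them for review before a reboot; it does not parse or
#    delete anything.
Get-ChildItem -LiteralPath $spoolDir -Filter '*.SHD' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $splPath = Join-Path $spoolDir ($_.BaseName + '.SPL')
        [pscustomobject]@{
            Name          = $_.Name
            FileOwner     = (Get-Acl -LiteralPath $_.FullName).Owner
            Created       = $_.CreationTime
            LastWrite     = $_.LastWriteTime
            HasSpoolData  = Test-Path -LiteralPath $splPath   # matching .SPL present?
        }
    } |
    Sort-Object LastWrite |
    Format-Table -AutoSize
```

Comparing the second listing against the jobs shown by `Get-PrintJob` for each printer helps separate shadow files that belong to known queued jobs from files that warrant a closer look before the machine is restarted.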