Microsoft has fixed on its Windows 10 system a critical vulnerability present in Windows since 1996 known as PrintDemon, which was present in the printing system and allowed attackers to view, change and delete files on the user’s computer.
The PrintDemon vulnerability exploits an elevation of privilege that can be performed in the Windows Print Spooler service, which helps computers interact with printers and manages the document print queue.
According to Microsoft, this security breach allows cybercriminals to arbitrarily upload code to the system and acquire elevated system privileges, with which it is possible to view, modify and delete user files and even install programs or create new accounts in the computer.
“To exploit this vulnerability, an attacker would have to log into the affected system and run a malicious ‘script’ or application created for it,” the US company acknowledged.
Print Spooler has contained this same vulnerability since it was released in Windows NT 4 in 1996, and was even used as part of the attacks carried out by the Stuxnet worm against nuclear facilities in Iran, according to cybersecurity researchers Alex Ionescu and Yarden Shafir.
Microsoft has now released a patch to fix this vulnerability (CVE-2020-1048) on their Windows 10 operating system, which fixes how the Windows Print Spooler component writes to the system.
