Microsoft recently published patches for a vulnerability in the printer services in Windows. However, this vulnerability has not yet been fully closed so it can still be exploited. The vulnerability allows an attacker to execute code on any Windows computer that has the print spooler service turned on. This is the case with a standard installation.
An attacker with network access can gain system-level access to every Windows computer and server that uses the print spooler service. This vulnerability was rated by the NFIR CERT team with a Common Vulnerability Scoring System (CVSS) of 9.4, which represents a critical vulnerability. To mitigate the vulnerability, two measures can be taken. First, completely disabling the printer spoolers on all systems. If this is not possible, the second way is to change the permissions of the folder that the exploit code uses to ensure that the proof-of-concept code does not work. In any case, it is advised to keep Windows systems up-to-date. Read more about the scope and nature of the vulnerability and how to take effective mitigating vulnerabilities in this publication.
