Windows 10 has a dangerous print spooler bug, and there is no fix

An unpatched vulnerability exists in the Windows Print Spooler that an attacker could exploit to run malicious software with elevated system privileges.

The issue affects Windows 7, Windows 8.x and Windows 10, as well as versions of Windows Server. It is being tracked as CVE-2020-1048 and CVE-2020-1337 and has a severity rating of "Important". Although Microsoft acknowledged the issue back in May, a working patch is yet to be rolled out.

The company did issue a fix for the CVE-2020-1048 vulnerability in May, but it was found to be easy to bypass. As a result, it is now being treated as a new vulnerability which is tracked as CVE-2020-1337. Microsoft is due to issue a fix next week on Patch Tuesday.

The company explains the issue on its security website:

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.

The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.

Details of just how it was possible to bypass the fix are yet to be released for obvious reasons, but more information is expected when the patch is available.

Image credit: Sundry Photography / Shutterstock

© 1998-2020 BetaNews, Inc. All Rights Reserved.