[German]Security researchers have found a way to abuse the print spooler in Windows and give programs administrative privileges. This can be exploited by malware to implant itself on the system. There is no patch for this bug yet, as the May 2020 update for CVE-2020-1048 can be bypassed.
The old vulnerability CVE-2020-1048
CVE-2020-1048 is an elevation of privilege vulnerability in the Windows Print Spooler service. It occurs because the Windows print spooler service incorrectly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated system privileges. He could then install programs, view, modify, or delete data, or create new accounts with full user privileges.
Microsoft describes the vulnerability in this document and released security updates for Windows 7 to Windows 10 on May 12, 2020. However, it seems that Microsoft failed to patch the vulnerability.
Patch for CVE-2020-1048 can be bypassed
Security researchers have now shown that the patch that Microsoft released in May 2020 for CVE-2020-1048 can be bypassed. The bug in Windows print services can still be used to execute malicious code with elevated privileges. The vulnerability has been assigned a new CVE number CVE-2020-1337. A fix in the form of a security update is expected from Microsoft on August 11, 2020. The technical details for the new bug are not yet public. The disclosure will be made together with a proof of concept after the patch is released. Bleeping Computer has compiled a few more details in this article.
Cookies helps to fund this blog: Cookie settings