Executive Summary
Summary | |
---|---|
Title | Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files |
Information | |||
---|---|---|---|
Name | VU#131152 | First vendor Publication | 2021-07-18 |
Vendor | VU-CERT | Last vendor Modification | 2021-09-14 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 8.8 | ||
Base Score | 8.8 | Environmental Score | 8.8 |
Impact SubScore | 5.9 | Temporal Score | 8.8 |
Exploitability Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | Required |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Overview
Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print. Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process.

Description
Microsoft Windows allows for users who lack administrative privileges to still be able to install printer drivers, which execute with While Windows enforces that driver packages themselves are signed by a trusted source, Windows printer drivers can specify queue-specific files that are associated with the use of the device. For example, a shared printer can specify a An exploit for this vulnerability is publicly available.

Impact
By connecting to a malicious printer, an attacker may be able to execute arbitrary code with

Solution
Microsoft has published updates for CVE-2021-36958 regarding this issue. Please also consider the following workarounds:

Block outbound SMB traffic at your network boundary
Public exploits for this vulnerability utilize SMB for connectivity to a malicious shared printer. If outbound connections to SMB resources are blocked, then this vulnerability may be mitigated for malicious SMB printers that are hosted outside of your network. Note that an attacker local to your network would be able to share a printer via SMB, which would be unaffected by any outbound SMB traffic rules.

Configure both PackagePointAndPrintServerList and PackagePointAndPrintOnly settings
Microsoft Windows has a Group Policy called "Package Point and Print - Approved servers", which is reflected in the To ensure that Microsoft Windows only attempts to install Package Point and Print printers, and therefore restricting printer connections to the approved servers list, you must also set the Both of these settings must be configured to protect against exploitation of this vulnerability.
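
One way to audit a host for the "both settings" requirement above, as an added example that is not part of the original advisory. The function name `Test-PackagePointAndPrintPolicy` and its `-PolicyKeyPath` parameter are hypothetical; the policy registry key path is not given on this page, so the caller supplies it, and the check assumes an enabled policy is stored as a DWORD value of 1.

```powershell
# Added example: reports whether both Package Point and Print policy values are set.
# Assumptions: the caller supplies the policy key path (not stated on this page),
# and an enabled policy is stored as a DWORD with value 1.
function Test-PackagePointAndPrintPolicy {
    [CmdletBinding()]
    param(
        # Registry path of the Package Point and Print policy key (placeholder).
        [Parameter(Mandatory)]
        [string]$PolicyKeyPath
    )

    $names = 'PackagePointAndPrintServerList', 'PackagePointAndPrintOnly'
    $state = [ordered]@{}

    # A missing key means neither policy has been applied on this host.
    $key = Get-ItemProperty -Path $PolicyKeyPath -ErrorAction SilentlyContinue

    foreach ($name in $names) {
        $value = $null
        if ($key -and ($key.PSObject.Properties.Name -contains $name)) {
            $value = $key.$name
        }
        # Absent, 0, or any value other than 1 counts as "not configured".
        $state[$name] = ($value -eq 1)
    }

    # Name the setting(s) that are missing, so a half-configured host is obvious.
    $missing = @($names | Where-Object { -not $state[$_] })

    [pscustomobject]@{
        ComputerName                   = $env:COMPUTERNAME
        PackagePointAndPrintServerList = $state['PackagePointAndPrintServerList']
        PackagePointAndPrintOnly       = $state['PackagePointAndPrintOnly']
        BothConfigured                 = ($missing.Count -eq 0)
        Missing                        = $missing -join ', '
    }
}

# Usage (placeholder path): exit non-zero so a compliance job can flag the host.
# $r = Test-PackagePointAndPrintPolicy -PolicyKeyPath 'HKLM:\<policy key path>'
# if (-not $r.BothConfigured) { Write-Warning "Not configured: $($r.Missing)"; exit 1 }
```

The check only confirms that both values are enabled; it does not inspect which servers are on the approved list.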

Block the ability to modify the print spooler drivers directory
Courtesy of the TRUESEC Blog, this vulnerability can be mitigated by preventing the To enable this mitigation, from a privileged PowerShell session, run:
To revert the mitigation to allow printer driver installation or modification, run:

Stop and disable the Print Spooler
The Print Spooler can be disabled in a privileged PowerShell session by running the following commands:

Impact of workaround
Disabling the Print Spooler service disables the ability to print both locally and remotely.

Acknowledgements
This vulnerability was publicly disclosed by Benjamin Delpy. Microsoft credits Victor Mata with reporting this issue to them. This document was written by Will Dormann.
Original Source
Url : https://kb.cert.org/vuls/id/131152 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 2 | |
Os | 2 | |
Os | 1 | |
Os | 1 |
Alert History
Date | Information |
---|---|
2021-09-23 17:17:43 |
|
2021-09-15 05:17:39 |
|
2021-08-16 05:17:39 |
|
2021-08-14 00:17:40 |
|
2021-08-13 21:18:03 |
|
2021-08-13 00:29:05 |
|
2021-08-13 00:17:40 |
|
2021-08-12 17:17:42 |
|
2021-08-12 05:17:41 |
|
2021-08-12 00:17:41 |
|
2021-08-11 00:17:43 |
|
2021-07-19 21:17:57 |
|
2021-07-19 17:17:36 |
|
2021-07-18 17:17:39 |
|