Vulnerability Exploitable Via Printer Protocols Affects All Windows Versions

An anonymous reader writes from a report via Softpedia: "Microsoft patched today a critical security vulnerability in the Print Spooler service that allows attackers to take over devices," reports Softpedia. "The vulnerability affects all Windows versions ever released. [Security firm Vectra discovered the vulnerability (CVE-2016-3238), which Microsoft fixed in MS16-087.] At its core, the issue resides in how Windows handles printer driver installations and how end users connect to printers. By default, in corporate networks, network admins allow printers to deliver the necessary drivers to workstations connected to the network. These drivers are silently installed without any user interaction and run under the SYSTEM user, with all the available privileges." An attacker can hack printers and replace these files with his own. The vulnerability is exploitable from both the local network, but also from the internet, thanks to protocols like Internet Printing Protocol or the webPointNPrint. The exploit can be delivered via ads or JavaScript code inside a compromised website. The vulnerability is actually an OS design issue and affects all Windows versions ever released. Microsoft also announced today plans to make its recently renamed Windows 10 Enterprise product available as a subscription for $7 per user per month, or $84 per year.

What could possibly go wrong...

[mspohr]

Great idea to allow an external device to automatically install software on your computer.
What are these people thinking?... or not...

Re:So completely ass backwards

[NotInHere]

I am also wondering about why you actually need to run printer driver code with system privileges. Isn't that a wrong approach? Yes, I agree printer drivers might not be required at all, but why do network printer drivers need full system privileges?

Its not that they are trying to speak over some hardware bus or something, all they need to have is an interface to the OS where the documents come in, and a network fd or something. They don't even need access to the file system, do they. Maybe for some settings and a cache and stuff. But really, they can be totally sandboxed. But well its windows...