covering the week stop textin slight
linux bias researchers have shown that a
vulnerability in a decades-old microsoft
windows component that controls printing
could be abused by malicious actors to
gain elevated privileges on the targeted
system the flaw which they dubbed print
demon resides in the print spooler and
get this
it affects all Windows versions since NT
4.0 the component has remained largely
unchanged since even though another
vulnerability affecting it was abused by
the infamous Stuxnet a decade ago
Microsoft said of the fix an elevation
of privileged vulnerability exists when
the windows print spooler service
improperly allows arbitrary writing to
the file system an attacker who
successfully exploited this
vulnerability could run arbitrary code
with elevated system privileges an
attacker could then install programs
view change or delete data or create new
accounts with full user rights microsoft
played down the likelihood of
exploitation saying that an attacker
would need to log on to an affected
system and use a specially written
script or application but as we know RDP
exploits are occurring in the wild with
malware such as SAR whant opening a
remote access to Windows systems so in
today's connected world saying a hacker
needs to have access to a system in
order to exploit it is an irresponsible
point to make which could mislead
inexperienced IT departments into
complacency the vulnerability can be
abused to elevate privileges bypass
endpoint detection and response rules
and game persistence as part of this
month's Patch Tuesday which plugged a
total of 111 security holes Microsoft
changed how the windows print spooler
component writes data to the file system
and it advised to download and apply the
update this exploit goes to show why
running a version of one of Windows that
his past end-of-life is unwise the fix
for this exploit will not be released to
eol operating systems such as Windows XP
or even Windows 7 which will remain
vulnerable to this critical flaw perhaps
this is also another
sample of why is high time to consider
switching to Linux
[Music]