Windows security bug could let hackers hijack your printer

(Image credit: Shutterstock)

Windows users have been warned to ensure their security protections are up to date following the disclosure of a new bug that could affects printer services.

Researchers were able to bypass recent patches to exploit a flaw that could allow hackers to take over a private network after hijacking individual printing devices.

The flaw affects Windows Print Spooler, the service that manages the printing process, giving third-parties admin privileges that could be exploited to run malware.

Printer security

The bug, known as CVE-2020-1048, was uncovered by Peleg Hadar and Tomer Bar of SafeBreach Labs, who reported the flaw to Microsoft. The computing giant had released a fix for the issue back in May, but it seems this protection was incomplete. 

The researchers discovered that they could take advantage of CVE-2020-1048 by crafting malicious files that are parsed by Windows Print Spooler, including .SHD (Shadow) files that contain metadata for print jobs such as the ID of the system user, and SPL (Spool) files that contain the data that is due to be printed.

These files are processed by a function called ProcessShadowJobs, which places SHD files into the spooler folder when printing starts. 

However as Windows Print Spooler runs with SYSTEM privileges and any user can drop SHD files into its folder, the researchers were able to use modified SHD files to include a SYSTEM SID, add it to the Spooler’s folder, and restart the computer for the Spooler to perform the task with the rights of the most privileged account on Windows.

Microsoft now says it will fix the flaw in its next security update, scheduled for August 11, but this means some user systems remain at risk until then with no fix in sight.

Users may want to hold off downloading any initial Microsoft patches though, after recent releases did more harm than good, with the June 2020 update causing serious problems with printers – breaking printer functionality completely, or elements of it, such as causing wireless printing to fail.

Via Bleeping Computer

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Pro
Hands typing on a keyboard surrounded by security icons
Outdated ID verification myths put businesses at risk
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Meet create custom backgrounds
More AI features are coming to Google Workspace
Mac Studio on a desk
I compared Apple's Mac Studio M3 Ultra with 10 Windows workstations and I am truly shocked by what I found
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Latest in News
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'