July 21, 2021
Severity
High
Analysis Summary
Microsoft Windows allows non-admin users to install printer drivers via Point and Print. Printers installed this way also install queue-specific files, which can be arbitrary libraries that the privileged Windows Print Spooler process then loads. By connecting to a malicious printer, an attacker may be able to execute arbitrary code with SYSTEM privileges on a vulnerable system.
Impact
- Arbitrary code execution
- Privilege escalation
Affected Vendors
Microsoft
Remediation
A public exploit is available for this vulnerability.
Refer to Microsoft Security Bulletin MS16-087 for workarounds and updates.
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-087
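A read-only host check for the Point and Print behaviour described in the Analysis Summary, added here as an example and not part of the original advisory or of any Microsoft tooling. It reports the Print Spooler service state, the Point and Print policy values, and the current user's printer connections. The registry path and value names are the standard Windows Group Policy locations, an assumption that the advisory itself does not list.

```powershell
# Added example (not from the advisory). Read-only: changes nothing on the host.
# Assumption: the policy path and value names below are the standard Windows
# Group Policy registry locations; the advisory itself does not list them.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

function Get-PrintPolicyValue {
    param([string]$SubKey, [string]$Name)
    $path = Join-Path $policyRoot $SubKey
    $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { '<not configured>' } else { $item.$Name }
}

# 1. The privileged service that loads the queue-specific files.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($spooler) {
    "Print Spooler: status=$($spooler.Status) startType=$($spooler.StartType)"
} else {
    'Print Spooler: service not found'
}

# 2. Policy values that control install prompts and which servers are trusted.
$checks = @(
    @{ SubKey = 'PointAndPrint';        Name = 'NoWarningNoElevationOnInstall' },
    @{ SubKey = 'PointAndPrint';        Name = 'UpdatePromptSettings' },
    @{ SubKey = 'PointAndPrint';        Name = 'TrustedServers' },
    @{ SubKey = 'PointAndPrint';        Name = 'ServerList' },
    @{ SubKey = 'PackagePointAndPrint'; Name = 'PackagePointAndPrintOnly' },
    @{ SubKey = 'PackagePointAndPrint'; Name = 'PackagePointAndPrintServerList' }
)
$policy = foreach ($c in $checks) {
    [pscustomobject]@{
        Setting = "$($c.SubKey)\$($c.Name)"
        Value   = Get-PrintPolicyValue -SubKey $c.SubKey -Name $c.Name
    }
}
$policy | Format-Table -AutoSize

# A non-zero value for either prompt setting suppresses the warning or
# elevation prompt a user would otherwise see when a driver is installed.
$policy |
    Where-Object { $_.Setting -match 'NoWarningNoElevationOnInstall|UpdatePromptSettings' -and
                   $_.Value -is [int] -and $_.Value -ne 0 } |
    ForEach-Object { "REVIEW: $($_.Setting) = $($_.Value) suppresses install prompts" }

# 3. Printers the current user has connected from remote print servers.
Get-Printer -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'Connection' } |
    Select-Object Name, ComputerName, DriverName |
    Format-Table -AutoSize
```

Printer connections are per-user, so step 3 reflects only the account the script runs under.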