Windows’ Print Spooler: The Gift that Keeps Giving to Attackers


The patch for a severe privilege escalation vulnerability in Windows issued in May by Microsoft was bypassed within days and has had to be fixed again in August’s Patch Tuesday batch of software updates from Redmond.

May’s so called PrintDemon bug in Windows Print Spooler service lets an attacker — able to execute low-privileged code on a machine — establish a persistent backdoor, then return at any point and escalate privileges to SYSTEM.

The exploit involves a few short PowerShell commands and once the backdoor is set up, it will persist even after a patch for

To see the full content, share this page by clicking one of the buttons below
Click on a tab to select how you'd like to leave your comment

Leave A Reply

Your email address will not be published.