Security Alerts & News
by Tymoteusz A. Góral

History
#1137 Vulnerability exploitable via printer protocols affects all Windows versions
Microsoft patched today a critical security vulnerability in the Print Spooler service that allows attackers to take over devices via a simple mechanism. The vulnerability affects all Windows versions ever released.

Security firm Vectra discovered the vulnerability (CVE-2016-3238), which Microsoft fixed in MS16-087. At its core, the issue resides in how Windows handles printer driver installations and how end users connect to printers.

By default, in corporate networks, network admins allow printers to deliver the necessary drivers to workstations connected to the network. These drivers are silently installed without any user interaction and run under the SYSTEM user, with all the available privileges.

Vectra researchers discovered that an attacker can replace these drivers on the printer with malicious files that allow him to execute any code he'd like on the infected machine.

The attack can be launched from the local network or via the Internet, thanks to the Internet Printing Protocol or the webPointNPrint protocol. This type of attack can be delivered via innocuous methods such as ads (malvertising) or JavaScript code hidden in compromised websites.
Read more
#1141 Intel patches local EoP vulnerability impacting Windows 7
#1140 Microsoft Patch Tuesday – July 2016
#1139 Nation-backed malware that infected energy firm is 1 of 2016’s sneakiest
#1138 Cisco boasts 100 percent security coverage
#1137 Vulnerability exploitable via printer protocols affects all Windows versions
#1136 Leaky database leaves Oklahoma police, bank vulnerable to intruders
#1135 VPN provider removes Russian presence after servers seized
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12