Stuxnet legacy still alive in new Windows bug

Microsoft released a routine security update on Tuesday that fixed several vulnerabilities, including one in the Windows Print Spooler, the background service that handles print jobs. The flaw affects Windows Server 2008, 2012, 2016 and 2019, as well as Windows 7, 8.1 and 10.

Microsoft’s security bulletin reads as familiar: it says that an attacker who successfully exploited the vulnerability could execute arbitrary code with elevated system privileges. This vulnerability is very similar to the Windows XP vulnerability exploited by the Stuxnet worm a decade ago.

The Stuxnet worm infected Iran’s nuclear facilities in 2010 and has since spread to the rest of the world. Stuxnet exploited multiple 0day vulnerabilities, one of which was the Windows Print Spooler vulnerability CVE-2010-2729, which could allow an attacker to execute arbitrary code on an XP system.


The latest vulnerability was discovered and reported to Microsoft by SafeBreach’s security researchers. Beyond its association with the Stuxnet worm, the most striking thing about it is how easy it is to exploit: a single line of PowerShell is enough to exploit it and install a persistent backdoor.
