There is an unpatched vulnerability in Windows Print Pooler that an attacker can exploit to elevate system permissions to run malware. This issue affects Windows 7, Windows 8.x, Windows 10, and Windows Server versions. Its vulnerability tracking numbers are CVE-2020-1048 and CVE-2020-1337, with a severity rating of “critical”. Although Microsoft acknowledged the problem as early as May, the patch has not yet fully taken effect.
Although Microsoft released a fix for the CVE-2020-1048 vulnerability in May, security officials later discovered that the vulnerability could easily be bypassed. As a result, it is now considered a new vulnerability with the tracking number CVE-2020-1337. Microsoft will release the fix next week on The Patch Tuesday, while the company explains the issue on its official security channel.
When the Windows Print Spooler service inappropriately allows arbitrary writes to the file system, there is a privilege elevation vulnerability. An attacker who successfully exploits the vulnerability can run arbitrary code with elevated system permissions. An attacker could then install an installer, view, change, or delete data, or create a new account with full user rights.
To exploit this vulnerability, an attacker would have to log on to the affected system and run a specially crafted script or application.
The update addresses the vulnerability by correcting the way the Windows Print Spooler component writes to the file system.
Details of exactly how attackers were able to bypass the last fix have not been released, but more information is expected when the patch is available.