Two security researchers have released details of a vulnerability in the Windows printing service this week, which they declared existed in all versions of Windows, which may even affect Windows NT 4 released in 1996.
The vulnerability coded as “PrintDemon” exists in the Windows Print Spooler, the primary Windows component responsible for managing print operations.
The service can send the data to be printed to a USB / parallel port for physically connected printers; a TCP port for printers on the local network or the Internet; or to a local file, in rare cases, the user wants to save a print job for later use.
PrintDemon is a type of vulnerability that researchers call a “local privilege escalation” (LPE) vulnerability. This means that if an attacker has even the smallest kernel of an application or Windows machine, even with user mode privileges, an attacker can run a program as simple as a nonprivileged PowerShell command to gain administrator-level privileges over the entire operating system.