PrintDemon Vulnerability Impacts All Windows Versions

Two security researchers have published today details about a vulnerability in the Windows printing service that they say impacts all Windows versions going back to Windows NT 4, released in 1996. From a report: The vulnerability, which they codenamed PrintDemon, is located in Windows Print Spooler, the primary Windows component responsible for managing print operations. The service can send data to be printed to a USB/parallel port for physically connected printers; to a TCP port for printers residing on a local network or the internet; or to a local file, in the rare event the user wants to save a print job for later. In a report published today, security researchers Alex Ionescu & Yarden Shafir said they found a bug in this old component that can be abused to hijack the Printer Spooler internal mechanism. The bug can't be used to break into a Windows client remotely over the internet, so it's not something that could be exploited to hack Windows systems at random over the internet.

In my time ...

[nospam007]

Such demons were written 'deamons'

Daemon refers to benevolent and noble spirits in Greek mythology. On the other hand, demon refers to an evil creature.

Re:

[EvilSS]

I think that's the joke they intended when they named the exploit PrintDemon.

Re:

[DontBeAMoran]

If it were called PrintQ you'd never know the exploit was present until it was too late and then you'd learn a valuable existential lesson.

Re:

[rpresser]

This exploit is evil, therefore it is named demon.

Re:

[jmccue]

Well in reality, all deamons in M/S Windows are really demons.

Re:

[NateFromMich]

LOL, a print spooler exploit. That might be a concern if anyone still used printers like it was 1995.

Yeah, because nobody works in an office anymore.

Re:

[DontBeAMoran]

Actually, that's kind of true these days...

Re:

[Baby Yoda's Daddy]

Just install the Bill Gates Does Windows screensaver and that will send the demons packing.

Re:

[WhatAreYouDoingHere]

Maybe this vulnerability should be renamed, printd

Re:

[Miser]

I thought a Daemon was a Ferengi captain?

Re:

[gweihir]

Such demons were written 'deamons'

Daemon refers to benevolent and noble spirits in Greek mythology. On the other hand, demon refers to an evil creature.

This is Microsoft. They are ignoring history and hence are repeating it, badly.

Well...

[cormandy]

Thank goodness Iâ(TM)m using WindowsNT 3.51!

Re:Well...

[MrL0G1C]

Sorry but you can't just trademark the letter I.

Apple have already done that.

Imagine that

[beep54]

A Windows bug that goes back to 1996. Quelle surprise!

Re:

[flyingfsck]

It is utterly impossible, since MS repeatedly claimed to have completely rewritten Windows since 1996. Why would they rewrite a bug exactly the same way?

Re:

[geekmux]

It is utterly impossible, since MS repeatedly claimed to have completely rewritten Windows since 1996. Why would they rewrite a bug exactly the same way?

Simple. That “completely rewritten” OS has backwards compatibility intact, so certain components were “rewritten” about as much as we’ve re-designed the wheel in the last 100 years of car design.

Impacts all Windows versions going back to NT 4

[divide overflow]

It's a vintage bug so it should command a premium on eBay.

Re:

[93 Escort Wagon]

It's a vintage bug so it should command a premium on eBay.

But it probably won't meet modern exhaust emissions standards.

Re:

[divide overflow]

But it probably won't meet modern exhaust emissions standards.

But next year it will be 25 years old and exempt from emissions standards.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[hawk]

However, Nevada *does* allow registering a 20+ year old vehicle with classic plates, with no emissions allowed for under 5,000 miles/year.

Re:

[EETech1]

Even with the non existent heat

did not fix in full back in 2016

[Joe_Dragon]

https://arstechnica.com/inform... [arstechnica.com]

Seriously doesn't surprise me...

[Anonymous Coward]

Working with with the Windows printer sub-system in corporate environment from NT 4- to Win10 this really doesn't surprise me. Other than a little lipstick on the pig, the entire subsystem is almost exactly the same in Win10 as it was in NT 4. Same .dll's, same places to store temp files, same triple registry hacks to clean up after HP, Epson, Canon, or the Adobe printer fucks something up.

But I can't bash it too hard... writing a generic tool to convert bits on the screen, connect to really weird hardwar

Re:

[cusco]

After RTFA, this sounds really familiar. I'm pretty sure this was a known issue in NT4.0. Wasn't trying to fix that what made SP3 such a catastrophe?

Re:

[PincushionMan]

I'm glad you brought up Apple CUPS. Michael Sweet has deprecated support for PPDs and RAW print queues [github.com] going forward, and the only printers supported must use Internet Printing Protocol v2 (IPP2). There was some hand-waving about printers needing better reporting properties and raw queues being too difficult to manage.

It sounds like he's working on another project, LPrint [github.com] to provide IPP2 hooks to older driverless printers as a workaround. It won't help for PPD based printers, but it should for impact and