Vulnerability Reported in Windows 2000 Print Spooler
According to reports, a security flaw has been discovered in the Print Spooler of Microsoft. This flaw is rated as a "high" risk as it could allow remote execution of malware with the help of system rights.
Security researchers say that this flaw resides within the EnumeratePrintShares utility that has a direct relation with win32spl.dll. Reportedly, the flawed utility was discovered to wrongly validate the extent of response from the printer system connected to the Internet.
In case a user picks up the online printer system's distorted response, then it could result in a stack buffer overflow, which potentially leads to exploitable and dangerous outcomes.
According to the researchers, for a hacker, there are some very easy methods to precisely and successfully exploit this flaw. First, the online attacker must patiently assemble a maliciously maneuvered printer server that the target computer might access. Accordingly, the attacker has to merely connect to the spooler service of this printer server and use it to transmit a request or query.
Subsequently, this request/query will prompt the target computer to enumerate the shared printer resources. This process will take place on the artificially maneuvered printer that will directly lead to the successful triggering of the flaw.
Understandably, the researchers have rated this security problem as "critical" that affects each of the supported versions of Windows 2000. A few of the data files pertaining to Windows 2000 might be comprised but aren't restricted to fxmon.exe, nntp_regtrace.exe, telnetc.exe, mwsel32.exe, plumbing.exe and dbgwiz.exe.
Hence, the security researchers suggest that users deploy firewalls for ports 631, 445, 139 as well as both TCP and UDP. This will help to directly and immediately halt all remote printer services carried out on the host machine.
To conclude, the researchers stated it is more reliable to follow the suggestion since it leads to a more safe experience. If a normal user or an administrator considers installing security update from Microsoft manually rather than automatically, then users are advised to refer to update management program of Microsoft or obtain the updates via Microsoft update service.
Related article: Vulnerabilities in Web Applications Invite Hackers’ Activities
» SPAMfighter News - 29-06-2009