Content
(MS09-022) Microsoft Windows Print Spooler Read File Vulnerability (961501)
- Type
- Logic error
- Impact of exploitation
- Information disclosure
- User Interaction
- user interaction is needed
- Attack Vector
- Authenticated locally logged on user with limited privileges
- Rating
- Low
- CVE reference
- CVE-2009-0229,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows XP SP3,
- Windows Vista SP1,
- Windows 2003 SP2,
- Windows 2000 SP4,
- Windows 2008,
- Windows Vista SP2,
- Windows 2008 SP2,
- Windows 2008 Itanium SP2,
- Windows 2008 x64 SP2,
- Summary
- A local vulnerability in the Microsoft Windows Printing Service may allow for the disclosure of sensitive information.
Tab Navigation
Description
A local vulnerability in the Microsoft Windows Printing Service may allow for the disclosure of sensitive information. The flaw lies in the improper checking of files which are included from separator pages. Upon exploitation, a local attacker will gain the ability to read or print any file on the affected system.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-022) Microsoft Windows Print Spooler Read File Vulnerability (961501)
- Signature identifier:
- 6763
- Release date:
- 6/9/2009
The Remedy V-Flash of June 10 contains remedies.
- Release date:
- 6/10/2009
Additional Resources
Vulnerabilities in the Windows Print Spooler Could Allow Remote Code Execution (961501)
http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
All Information
Timeline -
6/9/2009
Vendor has provided a patch.
Description -
A local vulnerability in the Microsoft Windows Printing Service may allow for the disclosure of sensitive information. The flaw lies in the improper checking of files which are included from separator pages. Upon exploitation, a local attacker will gain the ability to read or print any file on the affected system.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-022) Microsoft Windows Print Spooler Read File Vulnerability (961501)
- Signature identifier:
- 6763
- Release date:
- 6/9/2009
The Remedy V-Flash of June 10 contains remedies.
- Release date:
- 6/10/2009
Additional Resources
Additional Resources -
Vulnerabilities in the Windows Print Spooler Could Allow Remote Code Execution (961501)
http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
