Content
(MS09-022) Microsoft Windows Print Spooler Load Library Vulnerability (961501)
- Type
- Logic error
- Impact of exploitation
- Privilege Escalation
- User Interaction
- user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- Low
- CVE reference
- CVE-2009-0230,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows XP SP3,
- Windows Vista SP1,
- Windows 2003 SP2,
- Windows 2000 SP4,
- Windows 2008,
- Windows Vista SP2,
- Windows 2008 SP2,
- Windows 2008 Itanium SP2,
- Windows 2008 x64 SP2,
- Summary
- A vulnerability in the Windows Print Spooler may allow for remote privilege escalation attacks.
Tab Navigation
Description
A vulnerability in the Windows Print Spooler may allow for remote privilege escalation attacks. The flaw allows a remote, authenticated, attacker to load arbitrary DLLs into the Printer Spooler for execution. Upon exploitation, an attacker will gain elevated privileges which can lead to their ability to control various aspects of the compromised system.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-022) Microsoft Windows Print Spooler Load Library Vulnerability (961501)
- Signature identifier:
- 6762
- Release date:
- 6/9/2009
McAfee Intrushield
- Signature:
- NETBIOS-SS: Microsoft Print Spooler Load Library Vulnerability
- Signature identifier:
- 0x4070A800
- Release date:
- 6/9/2009
- First released in:
- 4.1.51, 5.1.21
McAfee Host IPS
- Signature:
- Print Spooler Load Library Vulnerability
- Signature identifier:
- 2222
- Release date:
- 6/9/2009
- First released in:
- Build 2616
The Remedy V-Flash of June 10 contains remedies.
- Release date:
- 6/10/2009
Additional Resources
Vulnerabilities in the Windows Print Spooler Could Allow Remote Code Execution (961501)
http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
All Information
Timeline -
6/9/2009
Vendor has provided a patch.
Description -
A vulnerability in the Windows Print Spooler may allow for remote privilege escalation attacks. The flaw allows a remote, authenticated, attacker to load arbitrary DLLs into the Printer Spooler for execution. Upon exploitation, an attacker will gain elevated privileges which can lead to their ability to control various aspects of the compromised system.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-022) Microsoft Windows Print Spooler Load Library Vulnerability (961501)
- Signature identifier:
- 6762
- Release date:
- 6/9/2009
McAfee Intrushield
- Signature:
- NETBIOS-SS: Microsoft Print Spooler Load Library Vulnerability
- Signature identifier:
- 0x4070A800
- Release date:
- 6/9/2009
- First released in:
- 4.1.51, 5.1.21
McAfee Host IPS
- Signature:
- Print Spooler Load Library Vulnerability
- Signature identifier:
- 2222
- Release date:
- 6/9/2009
- First released in:
- Build 2616
The Remedy V-Flash of June 10 contains remedies.
- Release date:
- 6/10/2009
Additional Resources
Additional Resources -
Vulnerabilities in the Windows Print Spooler Could Allow Remote Code Execution (961501)
http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
