Microsoft Windows Print Spooler CVE-2016-3238 Remote Code Execution Vulnerability

description-logoDescription

A remote code execution vulnerability exists when the Windows Print Spooler service does not properly validate print drivers while installing a printer from servers. An attacker who successfully exploited this vulnerability could use it to execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit this vulnerability, an attacker must be able to execute a man-in-the-middle (MiTM) attack on a workstation or print server or set up a rogue print server on a target network. The update addresses the vulnerability by issuing a warning to users who attempt to install untrusted printer drivers.

affected-products-logoAffected Applications

Windows RT 8.1
Windows Vista x64 Edition Service Pack 2
Windows Server 2016
Windows Server 2012
Windows 8
Windows 7
Windows 10
Windows Server 2008
Windows Vista Service Pack 2

CVE References

CVE-2016-3238