What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you'll learn how to introduce vulnerable print drivers to a fully patched system. Then, using three examples, you'll learn how to use the vulnerable drivers to escalate to SYSTEM.
REFERENCES:
Yarden Shafir and Alex Ionescu, PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more) - windows-intern...
voidsec, CVE-2020-1337 - PrintDemon is dead, long live PrintDemon! - voidsec.com/cv...
Zhipeng Huo and Chuanda Ding, Evil Printer: How to Hack Windows Machines with Printing Protocol - media.defcon.o... CON 28/DEF CON Safe Mode presentations/DEF CON Safe Mode - Zhipeng-Huo and Chuanda-Ding - Evil Printer How to Hack Windows Machines with Printing Protocol.pdf
Pentagrid AG, Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363) - www.pentagrid....
space-r7, Add module for CVE-2019-19363 - github.com/rap...
Microsoft, Point and Print with Packages - docs.microsoft...
Microsoft, Driver Store - docs.microsoft...
Microsoft, Printer INF Files - docs.microsoft...
Microsoft, Use Group Policy settings to control printers in Active Directory - docs.microsoft...