Windows Print Spooler vulnerability could allow escalation of privilege
Report ID: MS201306004
Date Published: 25 June 2013
Criticality: Important
Compromise Type: privilege-escalation
Compromise From: unknown
Affected Product/Component:
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012
Windows RT
Summary
A vulnerability in Windows Print Spooler could be exploited into allowing an attacker to run code on an affected system with system privileges.
Detailed Description
Microsoft has issued a security update to address a vulnerability in Windows Print Spooler, which could be exploited into allowing an attacker to execute code with system privileges. The vulnerability was caused by improper memory handling when a printer connection is deleted.
This issue has been resolved through the latest update by correcting the way that Windows Print Spooler allocates memory when a printer connection is deleted. Users are recommended to install the update onto their system as a protection measure against possible exploit attempts.
CVE Reference
CVE-2013-1339
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-050)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
