Stuxnet's Legacy Lives on in New Windows Bug

The vulnerability (CVE-2020-1048) is not a super complex remote code execution bug buried deep within the guts of Windows, but is instead a humble elevation of privilege flaw sitting in a spot that has not seen too much attention from researchers over the years. At least not publicly. The bug affects many recent versions of Windows, including Windows Server 2008, 2012, 2016, and 2019, as well as Windows 7, 8.1, and 10.

“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the Microsoft advisory says.

https://windows-internals.com/printdemon-cve-2020-1048/