FAQ
How could an attacker exploit this vulnerability? An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.
MSRC compact vulnerability detail
CVE-2023-35302 · Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
No description was published by MSRC.
Signals
Microsoft Printer Drivers
Remote Code Execution
Exploited: No
Publicly disclosed: No
Exploitability: Exploitation Less Likely
CWE
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Description
No description was published by MSRC.
FAQ / Articles
Workaround
Determine if the Print Spooler service is running Run the following in Windows PowerShell: Get-Service -Name Spooler If the Print Spooler is running or if the service is not set to disabled, select one of the following options to either disable the Print Spooler service, or to Disable inbound remote printing through Group Policy: Option 1 - Disable the Print Spooler service If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands: Stop-Service -Name Spooler -Force Set-Service -Name Spooler -StartupType Disabled Impact of workaround Disabling the Print Spooler service disables the ability to print both locally and remotely. Option 2 - Disable inbound remote printing through Group Policy You can also configure the settings via Group Policy as follows: Computer Configuration / Administrative Templates / Printers Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks. You must restart the Print Spooler service for the group policy to take effect. Impact of workaround This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer f...