It's worth reading the full technical analysis <a href="https://windows-internals.com/printdemon-cve-2020-1048/" rel="nofollow">https://windows-internals.com/printdemon-cve-2020-1048/</a><p>It's well written and easy to follow even for someone who doesn't know much about Windows security.<p>And if you didn't read it, the bug comes from the fact that the PowerShell command Add-PrinterPort can be used to add a printer port as a file that you don't have access to. After restarting the spooler service, you can then use this port to write to that file.
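A defender-side check for the mechanism the comment above describes, written as an added example that is not part of the thread or of the linked analysis: it enumerates printer ports defined on the local machine and flags those backed by a file-system path rather than a device or a network address. It assumes the PrintManagement module (Get-PrinterPort, Get-Printer) is available, as on Windows 8 / Server 2012 and later, that file-backed ports report their monitor as "Local Port", and that the allow-list of expected output directories (the $AllowedPathPrefixes variable) is a hypothetical value to be replaced with local policy.

```powershell
# Added example: audit locally defined printer ports that point at file paths,
# the vector described for CVE-2020-1048. Not code from the thread or the article.
# Assumes the PrintManagement module is present (Windows 8 / Server 2012 and later).

# Hypothetical allow-list: directories where a file-backed port is legitimately
# expected on this machine. Anything outside it is reported as suspicious.
$AllowedPathPrefixes = @("$env:TEMP\", "C:\PrintOutput\")

function Get-FileBackedPrinterPort {
    [CmdletBinding()]
    param(
        [string[]]$AllowedPrefixes = $AllowedPathPrefixes
    )

    Get-PrinterPort | Where-Object {
        # A "Local Port" whose name is a drive-letter or UNC path is file-backed;
        # LPT1:, COM1:, FILE: and TCP/IP ports do not match this pattern.
        $_.PortMonitor -eq 'Local Port' -and
        ($_.Name -match '^[A-Za-z]:\\' -or $_.Name -match '^\\\\')
    } | ForEach-Object {
        $name = $_.Name
        $allowed = $false
        foreach ($prefix in $AllowedPrefixes) {
            if ($name.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $allowed = $true
            }
        }
        # Which printers are attached to the port tells you what will write to it.
        $printers = Get-Printer | Where-Object PortName -eq $name |
            Select-Object -ExpandProperty Name

        [PSCustomObject]@{
            Name        = $name
            PortMonitor = $_.PortMonitor
            Printers    = ($printers -join ', ')
            Suspicious  = -not $allowed
        }
    }
}

# Usage: list file-backed ports, suspicious ones first.
Get-FileBackedPrinterPort | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it as an administrator so every port is visible; a port whose path sits under a system directory, or whose attached printer nobody recognises, is worth removing with Remove-PrinterPort and investigating. Because the port definition is what persists, checking port paths on a schedule catches the setup step regardless of when the spooler is next restarted.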
I thought Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon was a fantastic chronicle of Stuxnet.<p>For those not interested in the whole narrative, it's still interesting to browse one or two chapters of interest.<p><a href="https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/0770436196" rel="nofollow">https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp...</a>
Why's it so difficult to write a print spooler?<p>I'm not too familiar with what it does exactly. But I presume it's a queue of documents to send to a printer and some level of conversion of the data from a print document format to what the printer driver understands.<p>This seems like quite a crazy bug.
Also today, a lot of home printers are network printers so it shouldn't even require higher privileges to send the document to the printer, right?<p>Or is printing in Windows a huge can of worms like its use of UTF-16?
I'm still in awe of Stuxnet:<p><a href="https://www.quora.com/What-is-the-most-sophisticated-piece-of-software-ever-written-1?share=1" rel="nofollow">https://www.quora.com/What-is-the-most-sophisticated-piece-o...</a><p>Almost certainly an NSA product.
For a recent take on the geopolitical effects of Stuxnet and many other cyber attacks, I can recommend <i>The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics</i> by Dr. Ben Buchanan.<p>I found it to be a fascinating account of international cyber attacks with a clear, well-argued thesis.<p><a href="https://www.amazon.com/Hacker-State-Attacks-Normal-Geopolitics/dp/0674987551" rel="nofollow">https://www.amazon.com/Hacker-State-Attacks-Normal-Geopoliti...</a>
Stuxnet is a masterpiece in terms of achieving goals while attacking hard to hit, network isolated facilities.<p><a href="https://en.wikipedia.org/wiki/Stuxnet" rel="nofollow">https://en.wikipedia.org/wiki/Stuxnet</a><p>It would be very interesting to see the next Stuxnet class viruses, sponsored by major companies/countries. I'm fairly sure there are some already running in the wild.
See also on <a href="https://news.ycombinator.com/item?id=23178247" rel="nofollow">https://news.ycombinator.com/item?id=23178247</a>
TL;DR: there was a local privilege escalation bug in Print Spooler (fixed yesterday). The article calls it "Stuxnet's Legacy" because Stuxnet hit the same component. But the Stuxnet bug was a remote code execution (10 years ago).