An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations, Microsoft wrote in Thursday’s advisory.An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.Microsoft said that the attacker must first have the ability to execute code on a victim’s system. The advisory rates in-the-wild exploits as “more likely”. Microsoft continues to advise that customers install the previously issued security updates. A print spooler is software that manages the sending of jobs to the printer by temporarily storing data in a buffer and processing the jobs sequentially or by job priority.
Dan Goodin
The workaround for this vulnerability is stopping and disabling the Print Spooler service, Thursday’s advisory said. It provides several methods customers can use to do so.
I went ahead and disabled the print spooler on my personal laptop, thinking I would not need it on a regular basis, but in the process I stumbled upon one of the weirder and more unexpected dependencies in Microsoft software. Apparently, since Excel 2010, charts located on separate chart sheets somehow rely on printer drivers for their dimensions. With the print spooler stopped, the system behaves as if no printer is installed and because of this Excel chart areas default to a fixed size and cannot be resized! The result is a weird looking mini-chart, sometimes with distorted text.
I am not terribly bothered by this issue – I could always turn the print spooler back on – but I wanted to share this surprising discovery in case someone else has trouble resizing Excel charts; a stopped print spooler may well be the cause.
Post a Comment