Zero-Day Advisory
Fortinet Discovers Microsoft Windows Splwow64 Elevation of Privilege Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered an elevation of privilege vulnerability in the printer driver host application, splwow64, that allows adversaries to elevate privilege from low integrity to medium integrity.
Splwow64 acts as an LPC/ALPC server that can be triggered when an application starts a print job. It exposes a series of commands, related to print job operations, that client applications can send.
The vulnerability in splwow64 allows arbitrary program execution under elevated privilege. To exploit the vulnerability, an attacker would first have to log on to the system. The attacker could then run a specially crafted application that exploits the vulnerability and takes control of the affected system.
Solutions
Users should apply the solution provided by Microsoft.
Timeline
Fortinet reported the vulnerability to Microsoft on August 19, 2019.
Microsoft confirmed the vulnerability on September 22, 2019.
Microsoft released a patch for the vulnerability on November 13, 2019.
Acknowledgement
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.