Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler

It's an example of the old code that is bequeathed to popular software programs we take for granted.

Every Microsoft Windows operating system has a file that manages commands to print documents. It is ubiquitous to the point of going unnoticed. But when researchers from security firm SafeBreach took a closer look at the file, which is called a Print Spooler Service, they noticed that some of the code is two decades old.

A denial-of-service vulnerability the researchers reported earlier this year, which crashes the spooler service, worked not only on Windows 10, the latest operating system, but also on Windows 2000. It’s a glaring example of the old code that is bequeathed to popular software programs we take for granted.

But the researchers weren’t done dissecting the spooler service.

“We got intrigued, so we continued to dive in,” said Peleg Hadar, senior security researcher at SafeBreach Labs. They found another bug in the spooler service that could allow an attacker to gain system privileges on a machine. After Microsoft patched the issue in May, Hadar and his colleague, Tomer Bar, reverse-engineered the patch and developed a new exploit that Microsoft is still working to address.


While presenting their findings at the Black Hat hacking conference this week, Hadar and Bar released proof-of-concept code on GitHub designed to help detect attacks on the spooler service.

“We wanted to get people to think of a wider approach on how these kinds of issues can be mitigated,” Hadar told CyberScoop.

The most famous malware to abuse a print spooler service was Stuxnet, the computer worm that sabotaged centrifuges at an Iranian nuclear facility a decade ago. Stuxnet spread, in part, through an exploit that copied the malware onto remote computers through the spooler service.

Liam O’Murchu, a security specialist who investigated Stuxnet, marveled at the longevity of security issues in the spooler service.

“It is amazing that the print spooler code appears to have survived untouched from when Stuxnet was discovered over 10 years ago through to today, and may in fact date back 20 years,” O’Murchu, director of the security technology and response group at Symantec, told CyberScoop.

Written by Sean Lyngaas
