“This behavior, which dates back to Windows NT 4, is apparently by design and will not be remediated”
The patch for a severe privilege escalation vulnerability in Windows issued in May by Microsoft was bypassed within days and has had to be fixed again in August’s Patch Tuesday batch of software updates from Redmond.
May’s so called PrintDemon bug in Windows Print Spooler service lets an attacker — able to execute low-privileged code on a machine — establish a persistent backdoor, then return at any point and escalate privileges to SYSTEM.
The exploit involves a few short PowerShell commands and once the backdoor is set up, it will persist even after a patch for the vulnerability has been applied, as a detailed blog by the ZDI’s Simon Zuckerbraun notes.
The issue is one that should be firmly on the radar of CISOs, owing to the persistence of