Microsoft Security Response Center

**According to the CVSS metric, the privileges required is high (PR:H). What privileges are needed by the attacker and how are they used in the context of the remote code execution?** To successfully exploit this vulnerability, the attacker must have write access on the file share, and an active file share administrator account on the target server. With write access, the attacker would need to modify specific files on the target server to trigger code execution.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What security feature is bypassed with this vulnerability?** A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data.

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**Why are there two different impacts in the Security Updates table?** An attacker could potentially exploit this vulnerability to elevate privileges from a client-side application sandbox in earlier Microsoft operating systems. However, mitigation technologies in later Microsoft operating systems make this more difficult. For this reason, this vulnerability has two different impact ratings.

**What type of information could be disclosed by this vulnerability?** An attacker can gain access to uninitialized buffer information.

**Determine if the Print Spooler service is running** Run the following in Windows PowerShell: Get-Service -Name Spooler If the Print Spooler is running or if the service is not disabled, follow these steps: **Stop and disable the Print Spooler service** If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell: Stop-Service -Name Spooler -Force Set-Service -Name Spooler -StartupType Disabled **Impact of workaround** Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.