SpoolFool [CVE-2022-21999]

Table of contents

  1. Vulnerability
  2. Prerequisites
  3. Exploit
  4. Recommendations

Vulnerability

This vulnerability allows an attacker to load arbitrary files as DLLs through the Windows Print Spooler service and execute them with administrative privileges.

More details here.

Prerequisites

  • Local low-privileged access to the targeted machine.

Exploit

To exploit this vulnerability, you should use Ly4k’s repository. By default, the provided DLL in his repository will create a new local administrator admin:Passw0rd!, but you are free to use another or your own DLL.

.\SpoolFool.exe -dll add_user.dll

As mentioned here, don’t forget to clean up artifacts after the exploit.

Recommendations

  • Apply the security patch provided by Microsoft on vulnerable machines.
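
To check a machine for the artifact the default DLL leaves behind (the local administrator named admin mentioned above), the following PowerShell can be used. It is an added example, not part of the original page or of Ly4k's repository. It assumes an elevated Windows PowerShell 5.1 session and that account-management auditing is enabled; the 30-day lookback is a constructed value.

```powershell
# Added example: look for the local administrator the default add_user.dll creates.
# Assumptions: elevated session, Security log readable, account-management auditing on.
$AccountName  = 'admin'   # account name stated on this page for the default DLL
$LookbackDays = 30        # constructed value, adjust to your log retention
$AdminsSid    = 'S-1-5-32-544'   # built-in Administrators (language independent)

# 1. Current state: does the account exist, and is it a local administrator?
$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if ($user) {
    $admins  = Get-LocalGroupMember -SID $AdminsSid -ErrorAction SilentlyContinue
    $isAdmin = [bool]($admins | Where-Object { $_.SID.Value -eq $user.SID.Value })
    [pscustomobject]@{
        Name             = $user.Name
        SID              = $user.SID.Value
        Enabled          = $user.Enabled
        PasswordLastSet  = $user.PasswordLastSet
        InAdministrators = $isAdmin
    } | Format-List
} else {
    Write-Output "No local account named '$AccountName' on $env:COMPUTERNAME."
}

# 2. History: 4720 = user account created, 4732 = member added to a local group.
#    This still finds the activity if the account was deleted during cleanup.
$filter = @{
    LogName   = 'Security'
    Id        = 4720, 4732
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $evt = $_
    $d = @{}
    ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    # Keep every account creation, and group additions only for Administrators
    if ($evt.Id -eq 4720 -or $d['TargetSid'] -eq $AdminsSid) {
        [pscustomobject]@{
            Time      = $evt.TimeCreated
            EventId   = $evt.Id
            Target    = $d['TargetUserName']   # new account (4720) or group (4732)
            MemberSid = $d['MemberSid']        # only populated for 4732
            Actor     = $d['SubjectUserName']
            ActorSid  = $d['SubjectUserSid']
        }
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Because the DLL is loaded by the spooler service, account creations and Administrators additions whose ActorSid is S-1-5-18 (Local System) deserve a closer look. A custom DLL will not create this particular account, so a clean result does not rule out exploitation.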