SpoolFool [CVE-2022-21999]
Vulnerability
This vulnerability allows arbitrary files to be loaded as DLLs through the Windows print spool service and executed with administrative privileges.
More details here.
Prerequisites
- Local low-privileged access to the targeted machine.
Exploit
To exploit this vulnerability, use Ly4k’s repository. By default, the DLL provided in that repository creates a new local administrator admin:Passw0rd!, but you are free to use another DLL or your own.
.\SpoolFool.exe -dll add_user.dll
As mentioned here, don’t forget to clean up the artifacts after the exploit.
Recommendations
- Apply the security patch provided by Microsoft on vulnerable machines.
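On the detection side, the default DLL described above leaves a recognisable trace: a new local administrator named admin. The PowerShell below is an added example, not code from the original page or from the SpoolFool repository; it assumes the default account name was kept and that account-management auditing is enabled, and it will not catch a custom DLL that does something else.

```powershell
# Added detection example, not code from the original page or the SpoolFool project.
# Assumption: the default add_user.dll was used, so the account is named 'admin'.
$AccountName = 'admin'
$AdminsSid   = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# 1. Current state: is an account with that name in the local Administrators group?
$member = Get-LocalGroupMember -SID $AdminsSid -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like "*\$AccountName" }

# 2. History: account creation (4720) and additions to Administrators (4732).
#    Reading the Security log requires an elevated session.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732 } `
    -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    # Flatten the event's named <Data> fields into a lookup table.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    $created = $e.Id -eq 4720 -and $d['TargetUserName'] -eq $AccountName
    $added   = $e.Id -eq 4732 -and $d['TargetSid'] -eq $AdminsSid
    if ($created -or $added) {
        [pscustomobject]@{
            Time      = $e.TimeCreated
            EventId   = $e.Id
            Account   = if ($created) { $d['TargetUserName'] } else { $d['MemberSid'] }
            ChangedBy = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
        }
    }
}

if ($member) { Write-Warning "'$AccountName' is a member of the local Administrators group." }
$hits | Sort-Object Time | Format-Table -AutoSize
```

The ChangedBy column shows which security context made the change, which helps separate an administrator's deliberate action from an account created by a service process.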