Microsoft Print Spooler Service Impersonation Vulnerability (MS10-061) Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Microsoft Print Spooler Service Impersonation Vulnerability (MS10-061) Scanner Detail

Tests whether target machines are vulnerable to ms10-061 Printer Spooler impersonation vulnerability.

This vulnerability was used in Stuxnet worm. The script checks for the vuln in a safe way without a possibility of crashing the remote system as this is not a memory corruption vulnerability. In order for the check to work it needs access to at least one shared printer on the remote system. By default it tries to enumerate printers by using LANMAN API which on some systems is not available by default. In that case user should specify printer share name as printer script argument. To find a printer share, smb-enum-shares can be used. Also, on some systems, accessing shares requires valid credentials which can be specified with smb library arguments smbuser and smbpassword.

References:

  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2729
  • http://technet.microsoft.com/en-us/security/bulletin/MS10-061
  • http://blogs.technet.com/b/srd/archive/2010/09/14/ms10-061-printer-spooler-vulnerability.aspx

Some Advice for Common Problems

Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service