Lexmark Driver Privilege Escalation

Posted on 12 August 2021

Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileged authenticated users to elevate their privileges to SYSTEM on affected Windows systems by modifying the XML file at C:ProgramData<driver name>Universal Color Laser.gdl to replace the DLL path to unires.dll with a malicious DLL path. When C:WindowsSystem32Printing_Admin_Scriptsen-USprnmngr.vbs is then used to add the printer to the affected system, PrintIsolationHost.exe, a Windows process running as NT AUTHORITYSYSTEM, will inspect the C:ProgramData<driver name>Universal Color Laser.gdl file and will load the malicious DLL from the path specified in the file. This which will result in the malicious DLL executing as NT AUTHORITYSYSTEM. Once this module is finished, it will use the prnmngr.vbs script to remove the printer it added.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20