Описание
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability
FAQ
Do customers need to take additional action if they have already downloaded and ran the Microsoft Printer Metadata Remediation Tool documented in KB5034510?
No, customers who have already downloaded and ran the tool do not need to take additional action. The tool can be removed after its use as the machine is no longer susceptible to this vulnerability.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A user needs to be tricked into running malicious files.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Printer Metadata Troubleshooter Tool |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
Связанные уязвимости
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability
Уязвимость средства устранения ошибок в работе принтера Microsoft Printer Metadata Troubleshooter Tool, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код
EPSS