CVE-2013-1339

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows RT

Description The issue is related to the Print Spooler in Microsoft Windows, which does not properly manage memory during the deletion of printer connections. This allows remote authenticated users to execute arbitrary code via a crafted request. An elevation of privilege vulnerability exists in the way that the Microsoft Windows Print Spooler handles memory when a printer is deleted.

Recommendations For Microsoft Windows Vista SP2, update to a version that includes the fix for the Print Spooler issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for the Print Spooler issue. For Microsoft Windows 7 SP1, update to a version that includes the fix for the Print Spooler issue. For Microsoft Windows 8, update to a version that includes the fix for the Print Spooler issue. For Microsoft Windows Server 2012, update to a version that includes the fix for the Print Spooler issue. For Microsoft Windows RT, update to a version that includes the fix for the Print Spooler issue. As a temporary workaround, consider restricting access to the Print Spooler service to minimize the risk of exploitation.