CVE-2023-32017

7.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution through the Microsoft PostScript Printer Driver. Attackers can exploit it by sending specially crafted PostScript files to vulnerable systems, potentially gaining SYSTEM privileges. Affects Windows systems with the PostScript printer driver installed.

💻 Affected Systems

Products:
  • Microsoft Windows
Versions: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires PostScript printer driver to be installed or accessible. Print Spooler service must be running.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full SYSTEM privilege remote code execution leading to complete system compromise, lateral movement, and data exfiltration.

🟠 Likely Case

Privilege escalation leading to persistence, credential theft, and installation of additional malware.

🟢 If Mitigated

Limited impact with proper network segmentation, least privilege, and updated systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malicious PostScript files to the print spooler service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2023 security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32017

Restart Required: Yes

Instructions:

1. Apply the July 2023 Windows security updates via Windows Update.
2. For enterprise: deploy through WSUS or the Microsoft Update Catalog.
3. Restart affected systems after patch installation.

🔧 Temporary Workarounds

Disable Print Spooler Service (windows)

Stops the vulnerable service from running:

sc stop spooler
sc config spooler start= disabled

Restrict Print Spooler Network Access (windows)

Blocks remote access to the print spooler via the Windows firewall:

netsh advfirewall firewall add rule name="Block Print Spooler" dir=in action=block protocol=TCP localport=135,445,9100
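The two workarounds above, applied as one reversible step. This is an added example and not part of the advisory; it assumes an elevated PowerShell session on Windows 10/11 or Server 2019/2022 with the NetSecurity module available. The rule name, the state file path and the UntrustedRemoteAddress parameter are our own choices.

```powershell
# Added example (not from the advisory): apply or roll back the spooler workarounds.
# Assumes an elevated session and the NetSecurity module (New-NetFirewallRule).
$RuleName  = 'Block Print Spooler (CVE-2023-32017 workaround)'   # our own name
$StatePath = Join-Path $env:ProgramData 'spooler-workaround-state.json'

function Enable-SpoolerWorkaround {
    param(
        # Remote ranges the block rule applies to. 'Any' reproduces the netsh rule
        # above; narrowing it (e.g. to user or guest VLANs) keeps SMB on 445 and
        # RPC on 135 reachable from management hosts and file-server peers.
        [string[]]$UntrustedRemoteAddress = @('Any')
    )
    $svc = Get-Service -Name Spooler
    # Record the prior state so the change can be undone later.
    @{ Status = [string]$svc.Status; StartType = [string]$svc.StartType } |
        ConvertTo-Json | Set-Content -Path $StatePath

    # Workaround 1: stop and disable the service (same effect as the sc commands).
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled

    # Workaround 2: block inbound TCP on the ports the advisory lists.
    # Caveat: 445 is also SMB file sharing and 135 is the RPC endpoint mapper,
    # so a blanket block on a file or domain server breaks far more than printing.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
            -Protocol TCP -LocalPort 135,445,9100 -RemoteAddress $UntrustedRemoteAddress | Out-Null
    }
}

function Disable-SpoolerWorkaround {
    # Remove the firewall rule and restore the recorded service state.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    if (Test-Path $StatePath) {
        $prev = Get-Content -Path $StatePath -Raw | ConvertFrom-Json
        Set-Service -Name Spooler -StartupType $prev.StartType
        if ($prev.Status -eq 'Running') { Start-Service -Name Spooler }
        Remove-Item -Path $StatePath
    }
}
```

Run Enable-SpoolerWorkaround on hosts that do not need to print, and Disable-SpoolerWorkaround once the July 2023 update is installed. On a file server, pass -UntrustedRemoteAddress with the client ranges you actually want cut off rather than leaving it at 'Any'.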

🧯 If You Can't Patch

  • Implement network segmentation to isolate print servers
  • Apply least privilege principles to print service accounts

🔍 How to Verify

Check if Vulnerable:

Check if July 2023 security updates are installed via 'systeminfo' or Windows Update history.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that KB5028185 (or a later cumulative update) is installed and that the Print Spooler service binary is version 10.0.19041.3208 or higher.
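A host-level check that combines the KB and version tests above into one report. This is an added example, not from the advisory; the KB number and the version floor are the values quoted on the page. Cumulative update KB numbers differ per Windows release, so the RequiredKb parameter should be set to the one for your build, and the version floor is a 10.0.19041-line build number, so the file-version comparison is only meaningful on that servicing line. The function name and output fields are our own.

```powershell
# Added example (not from the advisory): report whether this host looks patched
# for CVE-2023-32017. Assumes read access to the hotfix inventory and to
# %SystemRoot%\System32 (local or remoted session).
function Test-Cve202332017Patch {
    param(
        # KB quoted on the page; pass the July 2023 KB for your own build.
        [string[]]$RequiredKb = @('KB5028185'),
        # Floor quoted on the page; compared only on the same 10.0.19041 build line.
        [version]$MinSpoolerVersion = [version]'10.0.19041.3208'
    )
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $kbPresent = @($RequiredKb | Where-Object { $installed -contains $_ }).Count -gt 0

    # Build the file version from its numeric parts; the FileVersion string on
    # Windows binaries carries a "(WinBuild...)" suffix that [version] rejects.
    $vi = (Get-Item (Join-Path $env:SystemRoot 'System32\spoolsv.exe')).VersionInfo
    $fileVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    $sameLine    = $fileVersion.Build -eq $MinSpoolerVersion.Build
    $versionOk   = $sameLine -and ($fileVersion -ge $MinSpoolerVersion)

    $svc = Get-Service -Name Spooler
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        OSVersion         = $os.Version
        KbInstalled       = $kbPresent
        SpoolsvVersion    = $fileVersion.ToString()
        VersionComparable = $sameLine
        VersionAtFloor    = $versionOk
        SpoolerStatus     = [string]$svc.Status
        SpoolerStartType  = [string]$svc.StartType
        # Either signal is enough; a stopped and disabled spooler is the workaround, not a patch.
        LooksPatched      = $kbPresent -or $versionOk
    }
}

Test-Cve202332017Patch | Format-List
```

When VersionComparable is False the host is on a different build line and only the KB result is meaningful; adjust -RequiredKb accordingly before trusting LooksPatched.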

📡 Detection & Monitoring

Log Indicators:

  • Event ID 4625 (failed logon) whose caller process is the Print Spooler (spoolsv.exe)
  • Unexpected PostScript file processing in print logs

Network Indicators:

  • Unusual traffic to TCP ports 135, 445, 9100 from unexpected sources

SIEM Query:

source="WinEventLog:Security" EventID=4625 AND ProcessName="spoolsv.exe"
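The same query run locally against a host's Security log with Get-WinEvent, for hosts not yet forwarding to the SIEM. This is an added example and not part of the advisory; it assumes an elevated session that can read the Security log and relies on the ProcessName data field of event 4625 (the caller process), which is where spoolsv.exe would appear. The function name and the Since parameter are our own.

```powershell
# Added example (not from the advisory): failed logons (4625) whose caller process
# is the Print Spooler, mirroring the SIEM query above.
function Get-SpoolerLogonFailure {
    param(
        [datetime]$Since = (Get-Date).AddDays(-1),
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Since }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read the named EventData fields from the event XML instead of
            # regexing the rendered message, which is locale dependent.
            $xml = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Computer    = $_.MachineName
                TargetUser  = $d['TargetUserName']
                LogonType   = $d['LogonType']
                IpAddress   = $d['IpAddress']
                ProcessName = $d['ProcessName']
            }
        } |
        Where-Object { $_.ProcessName -like '*\spoolsv.exe' }
}

# Summarise by source address so a single noisy client stands out.
Get-SpoolerLogonFailure |
    Group-Object IpAddress |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

For the second log indicator above (unexpected PostScript job processing), the Microsoft-Windows-PrintService/Operational log records per-job events but is disabled by default; enable it on print servers before relying on it.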
