Microsoft Windows Line Printer Daemon Service Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Windows Line Printer Daemon (LPD) service. This issue arises from improper parsing and handling of incoming print requests, allowing unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability is present in several versions of Windows, including Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025. The LPD service is not installed or enabled by default and has been deprecated since Windows Server 2012.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, an unauthenticated attacker can send a specially crafted print task to a shared vulnerable Windows LPD service over the network. The exploitation takes advantage of a race condition in the service's request handling, leading to arbitrary code execution on the server.

Remediation

Users are advised to disable the LPD service and block TCP port 515, which is used by the LPD. Official security updates are also available from Microsoft to address this vulnerability.