Week Four – Remote Code Execution

Remote code execution is a method of attack in which the attacker is able to send commands to a remote computer, which then executes those commands. In most cases, this execution is malicious in nature and is not authorized by the system owner.

Remote code execution is generally the second attack on a system, as the first attack is to exploit a known vulnerability. This type of attack is among the most severe, because an attacker who is able to execute code on a target system can often use this to exfiltrate data, delete data, install malicious software, or cause other forms of harm to the system.

The Windows print spooler, a common source of vulnerabilities, is again the focus this week: an unpatched critical flaw was uncovered when researchers accidentally published a proof-of-concept exploit. Microsoft has warned that this vulnerability is currently being exploited and that the code that causes it is in all versions of Windows. Further, the print spooler service runs by default, and CISA is suggesting that, until a patch is released, businesses mitigate by disabling the print spooler on systems that are not used to print. This is just another example of the issues related to the Windows print spooler; another famous example is the Stuxnet virus.
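
The mitigation CISA suggests above can be checked and applied from PowerShell. The following script is an added example, not part of the original post; the `-Disable` switch and the list of virtual print queues are assumptions made for illustration.

```powershell
# Added example: audit the Print Spooler on the local machine and, with
# -Disable, turn it off only when no real printers are configured.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable   # assumed parameter name for this example
)

# Assumption: these built-in virtual queues do not count as "used to print".
$virtualQueues = 'Microsoft Print to PDF', 'Microsoft XPS Document Writer', 'Fax'

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
if (-not $svc) {
    Write-Output 'Spooler service is not present on this system.'
    return
}

# Printers can only be enumerated while the spooler is running.
$realPrinters = $null
if ($svc.State -eq 'Running') {
    try {
        $realPrinters = @(Get-Printer -ErrorAction Stop |
            Where-Object { $virtualQueues -notcontains $_.Name })
    } catch {
        Write-Warning "Could not enumerate printers: $($_.Exception.Message)"
    }
}

$report = [pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    State        = $svc.State       # Running / Stopped
    StartMode    = $svc.StartMode   # Auto / Manual / Disabled
    RealPrinters = if ($null -ne $realPrinters) { $realPrinters.Count } else { 'unknown' }
    # A stopped service that is not Disabled can still be started on demand.
    Exposed      = ($svc.State -eq 'Running' -or $svc.StartMode -ne 'Disabled')
}
$report

# Disable only when it is confirmed that nothing prints from this host.
if ($Disable -and $report.Exposed -and $null -ne $realPrinters -and $realPrinters.Count -eq 0) {
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
} elseif ($Disable -and $report.Exposed) {
    Write-Warning 'Spooler left enabled: printers found or printer list unavailable.'
}
```

Run without arguments it only reports; add `-Disable -WhatIf` to preview the change before applying it from an elevated session.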

The remote code execution vulnerability allows an attacker to install programs, modify data, and create new users with full administrator privileges. While Microsoft has not rated this vulnerability, remote code execution vulnerabilities are often rated as severe.

References:

Bugcrowd. “Remote Code Execution.” n.d. Bugcrowd.com.

Warren, T. “Microsoft Warns of Windows ‘PrintNightmare’ Vulnerability That’s Being Actively Exploited.” 2 July 2021. The Verge.
