CVE-2020-1048
Description
Windows Print Spooler improperly allows arbitrary file writes, enabling local privilege escalation to SYSTEM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Windows Print Spooler service (spoolsv.exe) contains an elevation of privilege vulnerability due to improper enforcement of file write permissions. An attacker can exploit this to write arbitrary files to the file system, including to locations normally restricted to higher-integrity processes. This affects all supported versions of Windows at the time of disclosure (May 2020). The vulnerability is distinct from CVE-2020-1070.
Exploitation
An attacker must already have local access to the system with limited user privileges. No user interaction is required beyond the attacker's own actions. The attacker can trigger the Print Spooler to write a specially crafted file (e.g., a malicious DLL) to a system directory, such as C:\Windows\System32\, by sending a crafted print job or manipulating spooler operations.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the SYSTEM account, gaining complete control over the affected system. This includes the ability to install programs, view/change/delete data, and create new accounts with full user rights.
Mitigation
Microsoft released a security update as part of the May 2020 Patch Tuesday (KB4556799 for Windows 10, version 1909, and corresponding updates for other versions). Users should apply the latest Windows updates. No workaround is available; the only mitigation is to install the patch. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Microsoft/Windows 10 Version 1903 for 32-bit Systems (v5; Range: unspecified)
- Microsoft/Windows 10 Version 1903 for ARM64-based Systems (v5; Range: unspecified)
- Microsoft/Windows 10 Version 1903 for x64-based Systems (v5; Range: unspecified)
- Microsoft/Windows 10 Version 1909 for 32-bit Systems (v5; Range: unspecified)
- Microsoft/Windows 10 Version 1909 for ARM64-based Systems (v5; Range: unspecified)
- Microsoft/Windows 10 Version 1909 for x64-based Systems (v5; Range: unspecified)
- Range: version 1803 (Core Installation)
- Microsoft/Windows Server, version 1903 (Server Core installation) (v5; Range: unspecified)
- Microsoft/Windows Server, version 1909 (Server Core installation) (v5; Range: unspecified)
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- packetstormsecurity.com/files/158222/Windows-Print-Spooler-Privilege-Escalation.html (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/159217/Microsoft-Spooler-Local-Privilege-Elevation.html (mitre, x_refsource_MISC)
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1048 (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.