Do customers need to take additional action if they have already downloaded and ran the Microsoft Printer Metadata Remediation Tool documented in KB5034510? No, customers who have already downloaded and ran the tool do not need to take additional action. The tool can be removed after its use as the machine is no longer susceptible to this vulnerability. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user needs to be tricked into running malicious files.
<a href="http://eskamation.de/">Stefan Kanthak</a>