It's well written and easy to follow even for someone that doesn't know much about Windows security.
And if you didn't read it the bug comes from the fact that the Powershell command Add-PrinterPort can be used to add a printer port as a file that you don't have access to. After restarting the spooler service you can then use this port to write to that file.
This was very interesting, thanks for posting it! I will say that this is a bit misleading though:
> the bug comes from the fact that the Powershell command Add-PrinterPort can be used ...
The bug is in the print spooler service and the Windows API to access to it. It just happens that PowerShell offers an easy way to access the Windows API, which makes it easy to illustrate the exploit.
It's well written and easy to follow even for someone that doesn't know much about Windows security.
And if you didn't read it the bug comes from the fact that the Powershell command Add-PrinterPort can be used to add a printer port as a file that you don't have access to. After restarting the spooler service you can then use this port to write to that file.