Microsoft shares the Restriction Guide for a new Windows Print Spooler vulnerability trace such as CVE-2021-34481 that was revealed tonight.
Microsoft released an advisory Thursday night for a new CVE-2021-34481 enhancement of privilege vulnerability in Windows Print Spooler that Dragos security researcher Jacob Baines discovered.
Unlike the recently updated PrintNightmare vulnerability, this vulnerability can only be exploited locally to gain elevated privileges on a device.
“The attack is not really related to PrintNightmare. As you know, PN can be run remotely and this is just a local vulnerability,”
Not much is known at this time about the vulnerability, including which versions of Windows are vulnerable.
However, Baines shared with BleepingComputer that it is printer driver related.
Baines will share more information on CVE-2021-34481 on August 7 during a DEF CON speech entitled “Bring Your Own Print Driver Vulnerability.”
Mitigation measures available
While Microsoft has not released security updates to address this bug, it has provided mitigating measures that administrators can use to prevent attackers from exploiting the vulnerability.
Currently, the available option is to disable the Print Spooler service on a vulnerable device.
Option 1 – Disable the Print Spooler service
If disabling the Print Spooler service is appropriate for your business, use the following PowerShell commands:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
It is important to note that if you disable the print queue on a device, the device will no longer print to a local or remote printer.