Home / Technology / Microsoft warns of new vulnerability in Windows Print Spooler

Microsoft warns of new vulnerability in Windows Print Spooler

Microsoft on Thursday shared new guidance on yet another security issue affecting the Windows Print Spooler service, and said they are working to resolve it in an upcoming security update.

Tracked as CVE-2021-34481 (CVSS Score: 7.8), the issue concerns a local escalation error that can be exploited to perform unauthorized actions on the system. The company credited security researcher Jacob Baines for detecting and reporting the error.

Stack Overflow Teams

“There is an increase in privilege vulnerability when the Windows Print Spooler service incorrectly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges,” said the Windows manufacturer in its advice. “An attacker could then install programs; view, modify or delete data; or create new accounts with full user rights.”

However, it is worth pointing out that successful exploitation of the vulnerability requires the attacker to be able to execute code on a victim system. In other words, this vulnerability can only be exploited locally to gain elevated privileges on a device.

As a solution, Microsoft recommends that users stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability.

The development comes days after the Redmond-based company rolled out patches to solve a critical deficiency in the same component that it revealed that was actively used to carry out attacks in nature.

Prevent Ransomware Attacks

Called PrintNightmare (CVE-2021-34527), the vulnerability stems from a lack of permission control in the Print Spooler that allows malicious printer drivers to be installed to remotely execute code or escalate local privileges on vulnerable systems.

Later, however, it was revealed that the security update outside the band could be bypassed completely under specific conditions to achieve both local escalation of privileges and external code execution. Microsoft has since said that the solutions work “as they are designed and are effective against the known print printing exploits and other public reports being collectively referred to as PrintNightmare.”

Source link