
Microsoft security advisory - new vulnerability in the Windows Print Spooler feature.

by Hilbert Hagedoorn on: 08/13/2021 09:00 AM | source: CVE-2021-36958 | 13 comment(s)

Microsoft has issued another security advisory regarding a new vulnerability in the Windows Print Spooler feature. An attacker can take advantage of this vulnerability to execute code with administrative privileges on a system. As a workaround, the company recommends that you disable the Print Spooler feature on your computer.

The vulnerability is exposed when a client connects to a print server. Using this print server, a .dll file can be copied to the client, which then opens a system-level command prompt from which code can be executed. The vulnerability has been assigned the identifier CVE-2021-36958 and a CVSS score of 6.8. An attacker who successfully exploits this vulnerability may be able to execute code with system privileges, according to the company's statement. "An attacker has the ability to install programs, edit data, and establish new accounts with full access rights to the system," says the author.

Microsoft is aware of the vulnerability but has not yet produced a patch to address it. According to the firm, a workaround is available: turning the Print Spooler service off entirely. Microsoft previously gave the same warning ahead of patches for the vulnerabilities known as PrintNightmare, which were identified in the Print Spooler service a few weeks ago and are being worked on by the company's security researchers.

Over the past few weeks, Microsoft uncovered numerous vulnerabilities in the Windows Print Spooler service, which were being actively exploited at the time of discovery. The first emergency patch, provided by Microsoft in early July, was intended to address a series of vulnerabilities in the Print Spooler functionality. The system's security measures, however, were not sufficient to prevent a local privilege escalation. A second patch was later released, which altered the process by which printer drivers could be installed on Windows. From now on, only system administrators will be able to do this.
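
The workaround mentioned above, stopping and disabling the Print Spooler service, as an added PowerShell example (not taken from the original article or from Microsoft). The `-Apply` switch and the `Get-SpoolerState` function are names made up for this example; with the service disabled the machine can no longer print.

```powershell
# Added example: audit, and optionally apply, the "disable Print Spooler" workaround.
# Run from an elevated PowerShell session. Without -Apply the script only reports.
[CmdletBinding()]
param(
    [switch]$Apply   # hypothetical switch name chosen for this example
)

function Get-SpoolerState {
    # Win32_Service exposes both the running state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) { return $null }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
        # Still exposed if the service runs now or can be started later.
        Exposed   = ($svc.State -eq 'Running' -or $svc.StartMode -ne 'Disabled')
    }
}

$before = Get-SpoolerState
if (-not $before) {
    Write-Output 'Spooler service is not present on this system.'
    return
}
$before   # report the current state

if ($Apply -and $before.Exposed) {
    # Stop the running service first, then prevent it from starting again.
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop
    # Re-read the state so the result reflects what the system now reports.
    Get-SpoolerState
}
```

Running it without `-Apply` across a fleet gives a quick inventory of machines where the spooler is still running or startable.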









Reardan
Senior Member



Posts: 472
Joined: 2014-09-21

#5937817 Posted on: 08/13/2021 07:17 PM
It requires a trojan-compromised administrator-level account that can add compromised spool drivers.

A standard user cannot add or remove spool drivers; the only way a standard user is getting a compromised driver is by having a print server up the line serving a compromised driver to client systems.

This exploit is not browse-by or remotely triggerable without a trojan already permitting privilege escalation.

PS: once you have physical access to the machine, the accounts mean little,

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958

Where do you see that it requires physical access, or a trojan? And it doesn't have to be a compromised print server on the network, it can just be a public facing print server you control.

I did get my print nightmares mixed up otherwise. This is only local escalation, not domain like before. Aside from that though idk where you got your information.

Mineria
Senior Member



Posts: 5406
Joined: 2007-05-05

#5937836 Posted on: 08/13/2021 09:18 PM
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958

Where do you see that it requires physical access, or a trojan? And it doesn't have to be a compromised print server on the network, it can just be a public facing print server you control.

I did get my print nightmares mixed up otherwise. This is only local escalation, not domain like before. Aside from that though idk where you got your information.

As stated in the article from that link: Local
If you expand you will see the following:

The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate user into opening a malicious document)

Which is pure logic when you have deeper insights into Windows and its service stack, so Astyanax is completely correct with his claims.

Reardan
Senior Member



Posts: 472
Joined: 2014-09-21

#5937856 Posted on: 08/13/2021 10:39 PM
It literally says "remotely or via user interaction." It does not say physical access is required. Physical access means you need solder, or remove, or short, or do something physical to the machine that you can ONLY do when there...It doesn't mean manipulate the keyboard guys come on what is this?

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17099

This is an example of an attack requiring PHYSICAL ACCESS you can see because the Vector says PHYSICAL. Local and physical are different.

tsunami231
Senior Member



Posts: 12885
Joined: 2003-05-24

#5937900 Posted on: 08/14/2021 03:41 AM
Still don't care; that printer spool service has been disabled for 15+ years and has been turned on maybe 10 in that time.

Astyanax
Senior Member



Posts: 13423
Joined: 2018-03-21

#5937919 Posted on: 08/14/2021 08:09 AM
It literally says "remotely or via user interaction." It does not say physical access is required. Physical access means you need solder, or remove, or short, or do something physical to the machine that you can ONLY do when there...It doesn't mean manipulate the keyboard guys come on what is this?

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17099

This is an example of an attack requiring PHYSICAL ACCESS you can see because the Vector says PHYSICAL. Local and physical are different.

Thank you for basically misunderstanding what you've read but confirming it anyway.

The print server must already be exploited locally, via trojan or ignorant user believing a tech support scam to serve clients a malformed driver allowing access into the clients remotely.
