Microsoft security advisory - new vulnerability in the Windows Print Spooler feature.
Microsoft has issued another security advisory regarding a new vulnerability in the Windows Print Spooler service. An attacker who exploits it can execute code with SYSTEM privileges on the affected machine. As a workaround, Microsoft recommends disabling the Print Spooler service.
The vulnerability is triggered when a client connects to a print server: a malicious print server can copy a .dll file to the client, which then opens a SYSTEM-level command prompt from which code can be executed. The vulnerability has been assigned the identifier CVE-2021-36958 and a CVSS score of 6.8. According to Microsoft, an attacker who successfully exploits it may be able to execute code with SYSTEM privileges. "An attacker has the ability to install programs, edit data, and establish new accounts with full access rights to the system," the advisory states.
Microsoft is aware of the vulnerability but has not yet produced a patch for it. The workaround Microsoft offers is to stop and disable the Print Spooler service entirely. Microsoft gave the same advice while preparing patches for the vulnerabilities known as PrintNightmare, which were identified in the Print Spooler service a few weeks ago and are still being worked on by the company's security researchers.
Over the past few weeks, Microsoft has uncovered several vulnerabilities in the Windows Print Spooler service, some of which were being actively exploited at the time of discovery. The first emergency patch, released in early July, was intended to address the Print Spooler vulnerabilities found until then, but it turned out to be incomplete: it did not prevent local privilege escalation. A second update later changed how printer drivers are installed on Windows: by default, only administrators can now install them.
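The audit and workaround described above, as an added PowerShell example (this is not code from the Microsoft advisory or from this article). It assumes an elevated PowerShell 5.1 session on a Windows 10 or Windows Server host; the function names are the example's own, and the PointAndPrint registry value RestrictDriverInstallationToAdministrators is the setting the August 2021 update uses to limit driver installation to administrators.

```powershell
# Added example, not part of the Microsoft advisory or the article.
# Assumes: elevated PowerShell 5.1+ on Windows 10 / Server.
# Usage:  .\Spooler-Hardening.ps1              -> disable the spooler (advisory workaround)
#         .\Spooler-Hardening.ps1 -KeepPrinting -> keep printing, but admin-only driver install
param([switch]$KeepPrinting)

$SpoolerName = 'Spooler'
# Policy key read by the Print Spooler for Point and Print driver installation.
$PnPKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-SpoolerExposure {
    # Report the facts an admin needs before deciding which mitigation to apply.
    $svc = Get-Service -Name $SpoolerName -ErrorAction SilentlyContinue
    $restrict = $null
    if (Test-Path $PnPKey) {
        $restrict = (Get-ItemProperty -Path $PnPKey -ErrorAction SilentlyContinue).RestrictDriverInstallationToAdministrators
    }
    [pscustomobject]@{
        SpoolerStatus    = if ($svc) { $svc.Status }    else { 'NotInstalled' }
        SpoolerStartType = if ($svc) { $svc.StartType } else { 'n/a' }
        AdminOnlyDrivers = ($restrict -eq 1)
        # The service being up is what makes the host a target for a malicious print server.
        SpoolerRunning   = [bool]($svc -and $svc.Status -eq 'Running')
    }
}

function Disable-Spooler {
    # Microsoft's published workaround: stop the service and keep it from starting at boot.
    Stop-Service -Name $SpoolerName -Force -ErrorAction Stop
    Set-Service  -Name $SpoolerName -StartupType Disabled
}

function Enable-AdminOnlyDriverInstall {
    # For hosts that must keep printing: require administrator rights to install drivers,
    # the behaviour the August 2021 update turns on by default.
    if (-not (Test-Path $PnPKey)) { New-Item -Path $PnPKey -Force | Out-Null }
    Set-ItemProperty -Path $PnPKey -Name RestrictDriverInstallationToAdministrators -Value 1 -Type DWord
}

Write-Host 'Before:'
Get-SpoolerExposure | Format-List

if ($KeepPrinting) {
    Enable-AdminOnlyDriverInstall
} else {
    Disable-Spooler
}

Write-Host 'After:'
Get-SpoolerExposure | Format-List
```

Disabling the service is the only mitigation that removes the attack surface entirely; the registry setting only stops a standard user from pulling a driver (and whatever DLL ships with it) from a print server without an administrator approving it, so it should be combined with the August update rather than used in place of it.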
Senior Member
Posts: 13294
Joined: 2018-03-21
Still requires an exploited system to pull off.
Member
Posts: 67
Joined: 2020-08-19
You might need to see a therapist for that.
Senior Member
Posts: 472
Joined: 2014-09-21
It doesn't require an exploited system; it just requires you to have access to a system. Phishing a regular user, or even initiating a TeamViewer session with a regular payroll or maintenance or whatever employee, will get you the access you need to take over the entire domain. If you can get logged in via any means as anyone, you can make it happen. It's a big big big flaw.
Senior Member
Posts: 13294
Joined: 2018-03-21
It requires a trojan-compromised administrator-level account that can add compromised spool drivers.
A standard user cannot add or remove spool drivers; the only way a standard user is getting a compromised driver is by having a print server up the line serving a compromised driver to client systems.
This exploit is not browse-by or remotely triggerable without a trojan already permitting privilege escalation.
PS: once you have physical access to the machine, the accounts mean little.
Senior Member
Posts: 2324
Joined: 2010-05-26
I always disable the print spooler because I never use a printer, so it's a useless use of resources. All those processes for printing should be removable from a fresh install of Windows.