ASRock X670E Steel Legend review
Solidigm P44 Pro (1TB/2TB) M.2 NVMe SSD Review
EnGenius ECW336 WIFI6E Access Point review
MSI MEG Z790 ACE review
Deepcool LT720 LCS Cooler Review
Arctic A35/I35 A-RGB air coolers review
Minisforum HX90G (Ryzen 9 5900HX + RX 6600M) mini PC review
MSI MPG Z790 Edge (DDR4) review
MSI GeForce RTX 4080 Gaming X TRIO review
Deepcool CH510 chassis review
Microsoft security advisory - new vulnerability in the Windows Print Spooler feature.
Microsoft has issued another security advisory regarding a new vulnerability in the Windows Print Spooler feature. An attacker can take advantage of this vulnerability to execute code with administrative privileges on a system. As a solution, the business recommends that you disable the Spooler feature on your computer.
When attempting to connect to a print server, the vulnerability is revealed. An.dll file can be copied to the client, which then opens a system level command prompt, from which code can be executed, using this print server. The vulnerability has been assigned the identification number CVE-2021-36958 and has been assigned a CVSS score of 6.8. An attacker who successfully exploits this vulnerability may be able to execute code with system privileges, according to the company's statement. "An attacker has the ability to install programs, edit data, and establish new accounts with full access rights to the system," says the author.
Microsoft is aware of the vulnerability but has not yet produced a patch to address it. According to the firm, a workaround is available, which suggests that the Print Spooler service be turned off entirely. Microsoft previously gave the same warning in preparation of patches for vulnerabilities known as PrintNightmare, which were identified in the Print Spooler service a few weeks ago and are being worked on by the company's security researchers.
Over the past few weeks, Microsoft uncovered numerous vulnerabilities in the Windows Print Spooler service, which were being actively exploited at the time of discovery. The first emergency patch, provided by Microsoft in early July, was intended to address a series of vulnerabilities in the Print Spooler functionality, which had been discovered. The system's security measures, however, were not sufficient to prevent a local privilege escalation. A second patch was later released, which altered the process by which printer drivers could be installed on Windows. System administrators will be the only ones who will be able to do this from now on.
Microsoft has halted the Windows 365 trial because of "extremely high demand." - 08/05/2021 09:32 AM
Microsoft officially launched Windows 365, a cloud-based PC service that provides businesses with a virtual Windows 10 desktop. The service was officially launched earlier this week....
Microsoft makes choice for a different default browser extra difficult in Windows 11 - 08/02/2021 06:21 PM
An old annoyance appears to have returned to Windows 11 in the form of being unable to quickly change the default browser....
System requirements for Microsoft Windows 11 remain unchanged - 07/27/2021 08:40 AM
Microsoft has reconfirmed that users with outdated systems will not be able to upgrade to the new Windows version due to security reasons, among other things....
Microsoft shows 11 new screenshots of Forza Horizon 5 - 07/27/2021 08:40 AM
11 new 4K screenshots of Forza Horizon 5 have been released by Microsoft and Playground Games, showing what to expect when the game launches in November....
Intel kinda confirms Microsoft Windows 11 release date - 07/20/2021 08:51 AM
Intel announced when Windows 11 is released in a driver release log. The Microsoft release date itself has not been specified yet, but the Intel paper indicates that the new operating system will be i...
Astyanax
Senior Member
Posts: 14497
Joined: 2018-03-21
Senior Member
Posts: 14497
Joined: 2018-03-21
#5937658 Posted on: 08/13/2021 10:37 AM
still requires an exploited system to pull off.
still requires an exploited system to pull off.
Excalibur1814
Member
Posts: 68
Joined: 2020-08-19
Member
Posts: 68
Joined: 2020-08-19
#5937662 Posted on: 08/13/2021 10:55 AM
You might need to see a therapist for that.
still requires an exploited system to pull off.
You might need to see a therapist for that.
Reardan
Senior Member
Posts: 553
Joined: 2014-09-21
Senior Member
Posts: 553
Joined: 2014-09-21
#5937719 Posted on: 08/13/2021 02:30 PM
It doesn't require an exploited system, it just requires you to have access to a system. Phishing a regular user, even initiating a teamviewer session with a regular payroll or maintenance or whatever employee will get you the access you need to take over the entire domain. If you can get logged in via any means as anyone, you can make it happen. It's a big big big flaw.
still requires an exploited system to pull off.
It doesn't require an exploited system, it just requires you to have access to a system. Phishing a regular user, even initiating a teamviewer session with a regular payroll or maintenance or whatever employee will get you the access you need to take over the entire domain. If you can get logged in via any means as anyone, you can make it happen. It's a big big big flaw.
Astyanax
Senior Member
Posts: 14497
Joined: 2018-03-21
Senior Member
Posts: 14497
Joined: 2018-03-21
#5937734 Posted on: 08/13/2021 03:19 PM
it requires a trojan compromised administrator level account that can add compromised spool drivers.
A standard user cannot add or remove spool drivers, the only way a standard user is getting a compromised driver is by having a printserver up the line serving a compromised driver to client systems.
this exploit is not browse by or remotely triggerable without a trojan already permitting privilege escalation.
PS: once you have physical access to the machine, the accounts mean little,
It doesn't require an exploited system, it just requires you to have access to a system. Phishing a regular user, even initiating a teamviewer session with a regular payroll or maintenance or whatever employee will get you the access you need to take over the entire domain. If you can get logged in via any means as anyone, you can make it happen. It's a big big big flaw.
it requires a trojan compromised administrator level account that can add compromised spool drivers.
A standard user cannot add or remove spool drivers, the only way a standard user is getting a compromised driver is by having a printserver up the line serving a compromised driver to client systems.
this exploit is not browse by or remotely triggerable without a trojan already permitting privilege escalation.
PS: once you have physical access to the machine, the accounts mean little,
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 2450
Joined: 2010-05-26
I always do disable printer spooler because i never use a printer so it's a useless use of resources. All those processes for printing should be able to be removed from the install of a fresh copy of Windows.