Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Backforce One Plus Gaming Chair review
ASUS GeForce RTX 3080 Noctua OC review
AMD Ryzen 5 5600 review
PowerColor RX 6650 XT Hellhound White review
FSP Hydro PTM Pro (1200W PSU) review
ASUS ROG Radeon RX 6750 XT STRIX review
AMD FidelityFX Super Resolution 2.0 - preview
Sapphire Radeon RX 6650 XT Nitro+ review
Sapphire Radeon RX 6950 XT Sapphire Nitro+ Pure review
Sapphire Radeon RX 6750 XT Nitro+ review

New Downloads
GeForce 512.95 WHQL driver download
AMD Radeon Software Adrenalin 22.5.2 driver download
AIDA64 Download Version 6.70
FurMark Download v1.30
Display Driver Uninstaller Download version 18.0.5.1
Download Samsung Magician v7.1.1.820
Intel ARC graphics Driver Download Version: 30.0.101.1732
HWiNFO Download v7.24
GeForce 512.77 WHQL driver download
Intel HD graphics Driver Download Version: 30.0.101.1960


New Forum Topics
Info Zone - gEngines, Ray Tracing, DLSS, DLAA, TSR, FSR, XeSS, DLDSR etc. Antec Announces Cannon full-tower chassis at a whopping 500 USD Fine Utilise Power of RadeonPRO Software & SweetFX Part 2 NVIDIA GeForce 512.95 WHQL driver download & Discussion RDNA2 RX6000 Series Owners Thread, Tests, Mods, BIOS & Tweaks ! [3rd-Party Driver] Amernime Zone Radeon Insight 22.5.1 WHQL Driver Pack (Released) New Upcoming ATI/AMD GPU's Thread: Leaks, Hopes & Aftermarket GPU's Windows 11 Insider Builds Review: ASUS GeForce RTX 3080 Noctua OC Streacom Announces the DA6 Frame Chassis




Guru3D.com » News » Microsoft security advisory - new vulnerability in the Windows Print Spooler feature.

Microsoft security advisory - new vulnerability in the Windows Print Spooler feature.

by Hilbert Hagedoorn on: 08/13/2021 09:00 AM | source: CVE-2021-36958 | 13 comment(s)
Microsoft security advisory - new vulnerability in the Windows Print Spooler feature.

Microsoft has issued another security advisory regarding a new vulnerability in the Windows Print Spooler feature. An attacker can take advantage of this vulnerability to execute code with administrative privileges on a system. As a solution, the business recommends that you disable the Spooler feature on your computer.

When attempting to connect to a print server, the vulnerability is revealed. An.dll file can be copied to the client, which then opens a system level command prompt, from which code can be executed, using this print server. The vulnerability has been assigned the identification number CVE-2021-36958 and has been assigned a CVSS score of 6.8. An attacker who successfully exploits this vulnerability may be able to execute code with system privileges, according to the company's statement. "An attacker has the ability to install programs, edit data, and establish new accounts with full access rights to the system," says the author.

Microsoft is aware of the vulnerability but has not yet produced a patch to address it. According to the firm, a workaround is available, which suggests that the Print Spooler service be turned off entirely. Microsoft previously gave the same warning in preparation of patches for vulnerabilities known as PrintNightmare, which were identified in the Print Spooler service a few weeks ago and are being worked on by the company's security researchers.

Over the past few weeks, Microsoft uncovered numerous vulnerabilities in the Windows Print Spooler service, which were being actively exploited at the time of discovery. The first emergency patch, provided by Microsoft in early July, was intended to address a series of vulnerabilities in the Print Spooler functionality, which had been discovered. The system's security measures, however, were not sufficient to prevent a local privilege escalation. A second patch was later released, which altered the process by which printer drivers could be installed on Windows. System administrators will be the only ones who will be able to do this from now on.







« AMD Epyc CPUs have a flaw that exposes the Secure Processor under virtualization · Microsoft security advisory - new vulnerability in the Windows Print Spooler feature. · Dirac Spatial Audio for Philips' First Gaming Headsets »

Related Stories

Microsoft has halted the Windows 365 trial because of "extremely high demand." - 08/05/2021 09:32 AM
Microsoft officially launched Windows 365, a cloud-based PC service that provides businesses with a virtual Windows 10 desktop. The service was officially launched earlier this week....

Microsoft makes choice for a different default browser extra difficult in Windows 11 - 08/02/2021 06:21 PM
An old annoyance appears to have returned to Windows 11 in the form of being unable to quickly change the default browser....

System requirements for Microsoft Windows 11 remain unchanged - 07/27/2021 08:40 AM
Microsoft has reconfirmed that users with outdated systems will not be able to upgrade to the new Windows version due to security reasons, among other things....

Microsoft shows 11 new screenshots of Forza Horizon 5 - 07/27/2021 08:40 AM
11 new 4K screenshots of Forza Horizon 5 have been released by Microsoft and Playground Games, showing what to expect when the game launches in November....

Intel kinda confirms Microsoft Windows 11 release date - 07/20/2021 08:51 AM
Intel announced when Windows 11 is released in a driver release log. The Microsoft release date itself has not been specified yet, but the Intel paper indicates that the new operating system will be i...


3 pages 1 2 3


Reddoguk
Senior Member



Posts: 2324
Joined: 2010-05-26

#5937630 Posted on: 08/13/2021 08:53 AM
I always do disable printer spooler because i never use a printer so it's a useless use of resources. All those processes for printing should be able to be removed from the install of a fresh copy of Windows.

Astyanax
Senior Member



Posts: 13294
Joined: 2018-03-21

#5937658 Posted on: 08/13/2021 10:37 AM
still requires an exploited system to pull off.

Excalibur1814
Member



Posts: 67
Joined: 2020-08-19

#5937662 Posted on: 08/13/2021 10:55 AM
still requires an exploited system to pull off.


You might need to see a therapist for that.

Reardan
Senior Member



Posts: 472
Joined: 2014-09-21

#5937719 Posted on: 08/13/2021 02:30 PM
still requires an exploited system to pull off.


It doesn't require an exploited system, it just requires you to have access to a system. Phishing a regular user, even initiating a teamviewer session with a regular payroll or maintenance or whatever employee will get you the access you need to take over the entire domain. If you can get logged in via any means as anyone, you can make it happen. It's a big big big flaw.

Astyanax
Senior Member



Posts: 13294
Joined: 2018-03-21

#5937734 Posted on: 08/13/2021 03:19 PM
It doesn't require an exploited system, it just requires you to have access to a system. Phishing a regular user, even initiating a teamviewer session with a regular payroll or maintenance or whatever employee will get you the access you need to take over the entire domain. If you can get logged in via any means as anyone, you can make it happen. It's a big big big flaw.


it requires a trojan compromised administrator level account that can add compromised spool drivers.

A standard user cannot add or remove spool drivers, the only way a standard user is getting a compromised driver is by having a printserver up the line serving a compromised driver to client systems.

this exploit is not browse by or remotely triggerable without a trojan already permitting privilege escalation.

PS: once you have physical access to the machine, the accounts mean little,

3 pages 1 2 3


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2022