Microsoft Security Bulletin Warns of New Windows Print Spooler RCE Vulnerability


Windows Print Spooler RCE Vulnerability

A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it is working to remediate the issue in an upcoming security update.

Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw, said the issue was disclosed to Microsoft in December 2020.


“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”


It's worth noting that the Windows maker has since released updates to change the default Point and Print behavior, effectively barring non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.

As workarounds, Microsoft is recommending that users stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability. The CERT Coordination Center, in a vulnerability note, is also advising users to block outbound SMB traffic to prevent connecting to a malicious shared printer.
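The two workarounds above, applied and then verified from an elevated PowerShell session. This is an added example, not taken from the Microsoft bulletin or the CERT/CC note; the firewall rule name and the choice of TCP 445 and 139 as the SMB ports are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: apply both workarounds idempotently and report the resulting state.
# Assumptions (not from the article): the rule name and the SMB port list below.

$ruleName = 'Block outbound SMB (Print Spooler workaround)'   # hypothetical name
$smbPorts = 445, 139                                          # SMB direct and NetBIOS session

function Disable-PrintSpooler {
    # Stop the service if it is running, then prevent it from starting at boot.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
    }
    Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
}

function Block-OutboundSmb {
    # Create the block rule only once so the script can be re-run safely.
    $existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Block `
            -Protocol TCP -RemotePort $smbPorts -Profile Any | Out-Null
    }
}

function Get-WorkaroundState {
    # Read back what is actually configured rather than trusting the calls above.
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        SpoolerState    = $svc.State       # run state of the service
        SpoolerStartup  = $svc.StartMode   # start mode configured for the service
        SmbBlockPresent = [bool]$rule
        SmbBlockEnabled = [bool]($rule -and $rule.Enabled -eq 'True')
    }
}

Disable-PrintSpooler
Block-OutboundSmb
Get-WorkaroundState | Format-List
```

Disabling the Spooler service removes the ability to print both locally and remotely, and the outbound block also cuts access to legitimate SMB file shares, so both changes need to be scoped to hosts that can tolerate them.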




