After finding and patching the PrintNightmare vulnerability earlier this month, Microsoft has found another security issue with the Print Spooler app.
Microsoft has detailed a new vulnerability for the Windows Print Spooler application, allowing hackers to execute malicious code with system-wide privileges. Software bugs/security issues are fairly common for just about any operating system, though this is especially true with open-source ones like Windows. When a platform is open for just about anyone to use and tinker with, there’s a greater chance of things going wrong.
This latest vulnerability is particularly interesting because it’s the second issue with Windows Print Spooler in a month. At the beginning of July, Microsoft revealed a nasty bug called ‘PrintNightmare.’ It allowed bad actors to gain remote access to systems using Print Spooler, enabling them to install harmful software, create admin accounts for themselves, and more. Seeing as how Print Spooler is installed on virtually every Windows machine in existence, PrintNightmare had the potential to be disastrous. Thankfully, Microsoft quickly issued an update to almost all versions of Windows and Windows Server that patched PrintNightmare for good.
While PrintNightmare may be gone, it seems that another issue with the Print Spooler software has been revealed. As spotted by The Hacker News, Microsoft has published information for a new vulnerability titled ‘CVE-2021-34481.’ Microsoft has given it a CVSS score of 7.8 (indicating it’s a high security risk) and describes it as follows: “An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Why This Latest Vulnerability Isn’t As Bad As PrintNightmare
There’s no doubt this is something Microsoft needs to get patched ASAP, but there is some good news. Unlike PrintNightmare, which could be executed remotely by a hacker, CVE-2021-34481 can only be taken advantage of if someone has physical access to a computer. That’s not to diminish the severity of what can happen if CVE-2021-34481 is executed, but the fact that it can’t be done remotely is a huge silver lining.
Microsoft is still investigating the vulnerability and doesn’t have an ETA for when an update will be issued. In the meantime, folks can protect themselves by temporarily disabling Print Spooler until a patch is available. To do so, open Windows PowerShell by pressing ‘Windows+X’ on the keyboard and then click ‘Windows PowerShell’ on the pop-up menu that appears. Once the app is open, enter the code “Get-Service -Name Spooler” and press ‘Enter’ on the keyboard to see if Print Spooler is running in the first place. If it is, enter “Stop-Service -Name Spooler -Force” and “Set-Service -Name Spooler -StartupType Disabled” into PowerShell, hit Enter, and the service will stop running. This will prevent users from being able to print locally and remotely, however, so keep that in mind before doing so.
Next: Windows 365 Is A Cloud-Based Version Of Windows 11
Source: The Hacker News, Microsoft
Mass Effect Merchandise From Bethesda Raises Some Eyebrows
About The Author