Just as there has been a spate of hugely problematic updates for Windows 10 over the last year, in recent weeks there has been a seemingly endless stream of security flaws relating to the Windows print spooler. Now Microsoft has acknowledged another zero-day vulnerability.
There is currently no fix available for the security bug, a Remote Code Execution vulnerability which is being tracked as CVE-2021-36958. However, Microsoft has offered up a (less than ideal) workaround for this latest vulnerability from the PrintNightmare family.
Security researcher Benjamin Delpy recently shared a Proof of Concept on Twitter, and Microsoft has confirmed that CVE-2021-36958 relates to this. The security vulnerability has a CVSS score of 7.3, and there is some confusion about why it has been classed as remote code execution flaw when local access is required to exploit it.
Microsoft says of the flaw:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
As has been the case with previous related bugs, there is a workaround, but it is one that is less than ideal for many people — stopping and disabling the Print Spooler service.
Microsoft shares details of the steps people need to take:
Determine if the Print Spooler service is running
Run the following in Windows PowerShell:
Get-Service -Name Spooler
If the Print Spooler is running or if the service is not disabled, follow these steps:
Stop and disable the Print Spooler service
If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
Impact of workaround Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.
Image credit: Sundry Photography / Shutterstock