Just when we thought the Windows Print Spooler vulnerability was addressed, Microsoft has released information about another vulnerability in the service that could allow an attacker to run arbitrary code with SYSTEM privileges.
The company is currently developing a security update to address this vulnerability, which is tracked as CVE-2021-34481. This comes after Microsoft previously addressed the PrintNightmare vulnerability in an emergency patch and it the July security patches.
Currently, the only workaround for this vulnerability is to disable the Print Spooler service.
An attacker that successfully exploits this vulnerability could feasibly install programs, view change or delete data or create new accounts with full user rights, according to Microsoft, which said the vulnerability was not being actively exploited unlike the PrintNightmare vulnerability.
Stopping and disabling the Print Spooler service disable the ability to print locally and remotely, the company said.
According to BleepingComputer, this vulnerability is unlike the PrintNightmare flaw that allowed for remote code execution before it was recently patched. The new vulnerability can only be exploited locally to gain elevated privileges on a victim’s device.
Earlier this week, Microsoft released fixes for 117 security flaws, including PrintNightmare. The company issued an emergency fix for this last week, and further addresses is in the monthly cumulative updates it released on Tuesday.
According to Microsoft, the vulnerability exists “when the Windows Print Spooler service improperly performs privileged file operations.” A successful attacker could run arbitrary code with system privileges and then install programs; view, change or delete data; or create new accounts with full user rights.
The vulnerability even caught the attention of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which has directed federal agencies to immediately apply the patch.