Microsoft: New Unpatched Bug in Windows Print Spooler
Microsoft has warned of yet another vulnerability that's been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system.
The company released the advisory late Thursday for the latest bug, a Windows Print Spooler elevation-of-privilege vulnerability tracked as CVE-2021-34481.
The vulnerability "exists when the Windows Print Spooler service improperly performs privileged file operations," according to Microsoft.
The entire saga surrounding Windows Print Spooler began Tuesday, June 30, when a proof-of-concept for an initial vulnerability in the print service was dropped on GitHub showing how an attacker can exploit the flaw to take control of an affected system.
The federal government even stepped in last Thursday, when CERT/CC offered its own mitigation for PrintNightmare that Microsoft has since adopted, advising system administrators to disable the Windows Print Spooler service in Domain Controllers and systems that do not print.
To further complicate matters, Microsoft also last Thursday dropped a notice for a bug called "Windows Print Spooler Remote Code Execution Vulnerability" that appeared to be the same vulnerability, but with a different CVE number, in this case CVE-2021-34527.
News URL
https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-16 | CVE-2021-34481 | Improper Privilege Management vulnerability in Microsoft products. A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |
2021-07-02 | CVE-2021-34527 | Improper Privilege Management vulnerability in Microsoft products. A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |