Security News > 2021 > July > Microsoft: New Unpatched Bug in Windows Print Spooler
Microsoft has warned of yet another vulnerability that's been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system.
The company released the advisory late Thursday for the latest bug, a Windows Print Spooler elevation-of-privilege vulnerability tracked as CVE-2021-34481.
The vulnerability "Exists when the Windows Print Spooler service improperly performs privileged file operations," according to Microsoft.
The entire saga surrounding Windows Print Spooler began Tuesday, June 30, when a proof-of-concept for an initial vulnerability in the print service was dropped on GitHub showing how an attacker can exploit the flaw to take control of an affected system.
The federal government even stepped in last Thursday, when CERT/CC offered its own mitigation for PrintNightmare that Microsoft has since adopted - advising system administrators to disable the Windows Print Spooler service in Domain Controllers and systems that do not print.
To further complicate matters, Microsoft also last Thursday dropped a notice for a bug called "Windows Print Spooler Remote Code Execution Vulnerability" that appeared to be the same vulnerability, but with a different CVE number-in this case, CVE-2021-34527.
News URL
https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/
Related news
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft to remove the Location History feature in Windows (source)
- Microsoft testing fix for Windows 11 bug breaking SSH connections (source)
- Microsoft launches ad-supported Office apps for Windows users (source)
- Microsoft tests ad-supported Office apps for Windows users (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-16 | CVE-2021-34481 | Improper Privilege Management vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |
| 2021-07-02 | CVE-2021-34527 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |