Security News > 2021 > July > You'll want to shut down the Windows Print Spooler service (yes, again): Another privilege escalation bug found
Microsoft has shared guidance revealing yet another vulnerability connected to its Windows Print Spooler service, saying it is "Developing a security update."
The latest Print Spooler service vuln has been assigned CVE-2021-34481, and can be exploited to elevate privilege to SYSTEM level via file operations.
The solution? For now, you can only "Stop and disable the Print Spooler service," disabling both the ability to print locally and remotely.
Microsoft insisted the latest hole in its print spooler code was distinct from its earlier privilege-escalation and remote-code execution vulnerabilities and hadn't been introduced by the July security update.
Just a nightmare for admins having to manage printers using the Print Spooler service then.
Baines is due to make a presentation at DEF CON entitled "Bring Your Own Print Driver Vulnerability" which promises a talk on how to use vulnerable drivers to escalate one's Windows privileges.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-16 | CVE-2021-34481 | Improper Privilege Management vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |