Security News > 2021 > July > Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability

Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update.

"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges," the Windows maker said in its advisory.

It's worth pointing out that successful exploitation of the vulnerability requires the attacker to have the ability to execute code on a victim system.

As workarounds, Microsoft is recommending users to stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability.

Dubbed PrintNightmare, the vulnerability stems from a missing permission check in the Print Spooler that enables the installation of malicious print drivers to achieve remote code execution or local privilege escalation on vulnerable systems.

Microsoft has since said the fixes are "Working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/KIB6sSY3DOA/microsoft-warns-of-new-unpatched.html