Security News > 2021 > August > Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability
A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update.
"A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481.
"An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
It's worth noting that the Windows maker has since released updates to change the default Point and Print default behavior, effectively barring non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.
As workarounds, Microsoft is recommending users to stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability.
The CERT Coordination Center, in a vulnerability note, is also advising users to block outbound SMB traffic to prevent connecting to a malicious shared printer.
News URL
Related news
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Microsoft adds another problem to the Windows 11 24H2 naughty list (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-16 | CVE-2021-34481 | Improper Privilege Management vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |