Security News

Microsoft's problems with security defects in the Windows Print Spooler utility are getting worse by the week. After spending the last two months pushing out multiple Print Spooler fixes, Redmond's security response team late Thursday acknowledged a new, unpatched bug that exposes Windows users to privilege escalation attacks.

Microsoft has shared guidance revealing yet another vulnerability connected to its Windows Print Spooler service, saying it is "Developing a security update." The latest Print Spooler service vuln has been assigned CVE-2021-34481, and can be exploited to elevate privilege to SYSTEM level via file operations.

A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The spyware exploits two elevation-of-privilege security vulnerabilities in Windows, CVE-2021-31979 and CVE-2021-33771, both of which were addressed in Microsoft's July Patch Tuesday update this week.

Microsoft will continue to release Windows 10 feature updates, such as Windows 10 21H2, through October 2025 to allow businesses and consumers time to switch to Windows 11. As most of the development for new features is going into Windows 11, Microsoft will be releasing limited features for Windows 10 going forward.

Microsoft has warned of yet another vulnerability that's been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system. The company released the advisory late Thursday for the latest bug, a Windows Print Spooler elevation-of-privilege vulnerability tracked as CVE-2021-34481.

Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight. Microsoft released an advisory Thursday night for a new CVE-2021-34481 elevation of privilege vulnerability in the Windows Print Spooler that Dragos security researcher Jacob Baines discovered.

Microsoft will continue to release Windows 10 feature updates, such as Windows 10 21H2, through October 2025 to allow businesses and consumers time to switch to Windows 11. As most of the development for new features is going into Windows 11, Microsoft will be releasing limited features for Windows 10 going forward.

71 is now live in the Dev Channel of the Windows Insider program and it comes with visual improvements for the context menu and various right-click menus. As part of the latest update, Microsoft is refreshing the right-click menu within File Explorer and other apps with Fluent Design acrylic effect.

Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. This vulnerability is tracked as CVE-2021-34527 and is a missing permission check in the Windows Print Spooler that allows for installing malicious print drivers to achieve remote code execution or local privilege escalation on vulnerable systems.

Microsoft and Citizen Lab have linked Israeli spyware company Candiru to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities. The investigation into Candiru's attacks started after Citizen Labs shared malware samples found on a victim's systems and led to the discovery of CVE-2021-31979 and CVE-2021-33771, two zero-day vulnerabilities fixed by Microsoft during this month's Patch Tuesday.