Security News

Security researchers have unearthed new elevation of privilege bugs in Windows Print Spooler, one of the oldest Windows components. Scarce details have been shared about the first one, aside from the note that it "Exists when the Windows Print Spooler service improperly performs privileged file operations," and can be exploited by an attacker to elevate privilege to SYSTEM level.

Unlike Windows 10 feature updates, Windows 11 comes with several new features and improvements. Windows 11 comes with centered Start Menu and taskbar, similar to Windows 10X. Start Menu doesn't come with traditional live tiles.

Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. Since the incomplete fix, security researchers have been heavily scrutinizing the Windows printing APIs and have found further vulnerabilities affecting the Windows print spooler.

During Windows 11's June 2021 event, Microsoft confirmed that Android apps are coming to Windows 11 and users will be able to try mobile apps on the desktop operating system. Amazon has already confirmed that its Appstore will support Android App Bundles, the next-generation Android app standard format that will eventually replace the current APK format.

Microsoft released the first preview build of Windows 10 21H2 this week, but it is not being offered to everyone at this time. On Thursday, Microsoft released the first Windows 10 21H2 preview build.

Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update. "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges," the Windows maker said in its advisory.

Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems. "This Patch Tuesday comes just days after out-of-band updates were released to address PrintNightmare - the critical flaw in the Windows Print Spooler service that was found in all versions of Windows," Bharat Jogi, senior manager of vulnerability and threat research at Qualys, told The Hacker News.

Microsoft's problems with security defects in the Windows Print Spooler utility are getting worse by the week. After spending the last two months pushing out multiple Print Spooler fixes, Redmond's security response team late Thursday acknowledged a new, unpatched bug that exposes Windows users to privilege escalation attacks.

Microsoft has shared guidance revealing yet another vulnerability connected to its Windows Print Spooler service, saying it is "Developing a security update." The latest Print Spooler service vuln has been assigned CVE-2021-34481, and can be exploited to elevate privilege to SYSTEM level via file operations.

A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The spyware exploits two elevation-of-privilege security vulnerabilities in Windows, CVE-2021-31979 and CVE-2021-33771, both of which were addressed in Microsoft's July Patch Tuesday update this week.