It hasn’t been long since Microsoft patched the devastating PrintNightmare vulnerabilities, now another flaw arrives. The recently discovered bug also exists in Windows Print Spooler, with just one mitigation so far – to turn off the service.
Unpatched Windows Print Spooler Bug
According to a recent advisory, Microsoft has publicly disclosed another security bug in Windows Print Spooler. However, this one is different from the pair of PrintNightmare vulnerabilities that the vendor just addressed with July Patch Tuesday.
Specifically, the new vulnerability, CVE-2021-34481, is a local privilege escalation flaw. The bug exists because the Windows Print Spooler improperly handles privileged file operations.
Describing the impact of the vulnerability, the advisory reads,
An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
However, exploiting this flaw requires an attacker to have privileged access to the target device already.
An attacker must have the ability to execute code on a victim system to exploit this vulnerability.
Microsoft elaborated that this vulnerability existed before the July updates.
The tech giant has acknowledged the researcher Jacob Baines for finding this vulnerability, who also confirmed that he reported the bug to MSRC on June 18, 2021.
Also, the researcher, while publicly disclosing the bug via his tweet, confirmed it to be different from PrintNightmare.
If you are here for information on CVE-2021-34481, you'll have to wait for my DEF CON talk. I don't consider it to be a variant of PrintNightmare. The MS advisory/CVE was a surprise to me and, as far as I'm concerned, it wasn't a coordinated disclosure.
— Jacob Baines (@Junior_Baines) July 16, 2021
Thankfully, as Microsoft confirmed, the bug remains unexploited publicly; yet, exploitation is likely.
For now, users must remain cautious since no patch is available for this flaw. Once again, they are left with only one workaround to mitigate the flaw – to disable or stop the Print Spooler service.
To do this, users should run the following in Windows PowerShell.
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
After that, the Print Spooler will be disabled, leaving the devices unable to print locally or remotely.
Let us know your thoughts in the comments.