Windows Print Spooler vulnerability still persistent, tracked by Microsoft as CVE-2021-34481 | Secure Blink
Microsoft tracked a privilege elevation vulnerability in the Windows Print Spooler service. Victim's data compromised. It scored 7.8 out of 10 on the severity scale...
SecureBlink
17 July 2021

Microsoft recently issued a security advisory to mitigate the impact of a new Windows Print Spooler vulnerability. The IT giant tracks it as CVE-2021-34481, a privilege elevation vulnerability. The flaw was first reported by Jacob Baines, a security researcher at Dragos.


He identified that the flaw resides in the Windows Print Spooler and that an attacker can use it to run arbitrary code with SYSTEM privileges. The flaw can only be exploited locally, to raise privileges on the affected device. Because of this, it received a CVSS severity score of 7.8 out of 10.


Source: WINDOWS CENTRAL


The security advisory published by Microsoft read, "The privilege elevation vulnerability comes into existence when a Windows Print Spooler service performs an improper privileged file operation. After the attack, the threat actor can install programs, edit data and create new user accounts with full rights." The vulnerability causes the Windows Print Spooler service to operate improperly.


Microsoft rated the flaw as 'more likely' to be exploited. The analysis done by the Microsoft team made clear that the vulnerability could be modified to exploit victims' systems consistently. Besides, Microsoft has faced this kind of vulnerability before, and this would make it an appealing target for attackers. For security reasons, Microsoft has not yet disclosed technical details about the Windows versions affected.


Microsoft suggested that all users disable the Windows Print Spooler service or use the workarounds mentioned in the advisory to mitigate the issue. The advisory included a PowerShell command, 'Stop-Service -Name Spooler -Force', to forcefully stop the service and prevent any problems.
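
The workaround above, as an added example that is not part of the original article or quoted from Microsoft's advisory: it reports the Spooler's state on the local machine, then stops the service and also disables its startup so it does not start again at the next boot. The function names Get-SpoolerState and Disable-Spooler and the Exposed field are illustrative; run it from an elevated session, and note that printing on the host stops working while the service is disabled.

```powershell
# Added example (illustrative names): audit and apply the Spooler workaround locally.

function Get-SpoolerState {
    # Win32_Service reports both the running state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) { throw 'Print Spooler service not found on this host.' }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
        # Exposed (hypothetical field): running now, or able to start again later.
        Exposed   = ($svc.State -eq 'Running') -or ($svc.StartMode -ne 'Disabled')
    }
}

function Disable-Spooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $before = Get-SpoolerState
    if (-not $before.Exposed) {
        Write-Verbose 'Spooler is already stopped and disabled.'
        return $before
    }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        # Command quoted in the article: stops the running service.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        # Stopping alone does not persist; disable startup so it stays off after reboot.
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Return the state after the change (unchanged when run with -WhatIf).
    Get-SpoolerState
}

# Dry run first; remove -WhatIf to apply.
Disable-Spooler -WhatIf
```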


The IT giant is still working on a security patch for the recent Print Spooler vulnerability. Initially, a bug labeled CVE-2021-1675 was identified that allowed remote code execution. Jacob Baines told BleepingComputer that the recent vulnerability in the Print Spooler service is not related to PrintNightmare, but a lot of investigation is still required to make things clear.