Microsoft

Windows Print Spooler

Vulnerability


Windows Print Spooler vulnerability still persistent, tracked by Microsoft as CVE-2021-34481

Microsoft tracked a privilege elevation vulnerability in the Windows Spooler service. Victim's data compromised. It secured 7.8 out of 10 on the severity scale....

17-Jul-2021

Microsoft recently issued a security advisory to alleviate the impact of a new Windows Print Spooler vulnerability. The IT giant tracked it as CVE-2021-34481, which is a privilege elevation vulnerability. The flaw was first reported by Jacob Baines, a security researcher at Dragos.

He identified that the flaw resides in the Windows Print Spooler, and that an attacker can use the vulnerability to run arbitrary code with SYSTEM privileges. The flaw can only be exploited by a local threat actor, to raise privileges on the infected device. Because of this, it received a CVSS severity score of 7.8 out of 10.

Source: WINDOWS CENTRAL

The security advisory published by Microsoft read, "The privilege elevation vulnerability comes into existence when a Windows Print Spooler service performs an improper privileged file operation. After the attack, the threat actor can install programs, edit data and create new user accounts with full rights." The vulnerability is causing the Windows Print Spooler services to operate improperly.

Microsoft rated the flaw as 'more likely' exploitable than any other. The analysis done by the Microsoft team made clear that the vulnerability could be modified to exploit victims' systems consistently. Besides, Microsoft has faced this kind of vulnerability before, which would make it an appealing target for attackers. For security reasons, Microsoft has not yet disclosed technical details about the Windows versions affected.

Microsoft suggested all users try and disable the Windows spooler service or use some workarounds mentioned in the advisory to eliminate the issue. The advisory included a PowerShell command 'Stop-Service -Name Spooler -Force' to forcefully stop the service and prevent any problems.
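The workaround above, as an added example (not code from the advisory or from this article): the page's `Stop-Service` command only lasts until the next start of the service, so this sketch also sets the startup type to Disabled and then verifies the result. The function names `Get-SpoolerState`, `Disable-Spooler` and `Restore-Spooler` are hypothetical, and the script assumes an elevated session on the local host.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, stop and disable the Print Spooler on the local host.
# Side effect: printing, both local and remote, is unavailable until restored.

function Get-SpoolerState {
    # Report the current run state and startup type of the Spooler service.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Status       = [string]$svc.Status
        StartType    = [string]$svc.StartType
    }
}

function Disable-Spooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $before = Get-SpoolerState
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        if ($before.Status -ne 'Stopped') {
            # The command quoted in the article.
            Stop-Service -Name Spooler -Force
        }
        # Not in the article: keeps the service from starting again at boot.
        Set-Service -Name Spooler -StartupType Disabled
    }
    $after = Get-SpoolerState
    [pscustomobject]@{
        ComputerName = $after.ComputerName
        Before       = "$($before.Status)/$($before.StartType)"
        After        = "$($after.Status)/$($after.StartType)"
        Mitigated    = ($after.Status -eq 'Stopped' -and $after.StartType -eq 'Disabled')
    }
}

function Restore-Spooler {
    # Undo the workaround once a fix has been installed.
    Set-Service -Name Spooler -StartupType Automatic
    Start-Service -Name Spooler
    Get-SpoolerState
}

# Preview with -WhatIf first; drop it to apply the change.
Disable-Spooler -WhatIf
```

A `Mitigated` value of `False` after a real run means the service is still running or can still start, so the host remains exposed to the local privilege elevation described above.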

The IT giant is still in the process of finding a security patch for the recent Print Spooler service flaw. Initially, a bug labeled as CVE-2021-1675 was identified that allowed for remote code execution. Jacob Baines told BleepingComputer that the recent vulnerability in the Print Spooler service is not related to PrintNightmare, but a lot of investigation is still required to make things clear.