Posted on Leave a comment

Another Remote Code Execution Vulnerability On Windows Print Spooler.

Microsoft releases a new advisory warning the customers about another new remote code execution vulnerability on its Windows print spooler component which an attacker can take advantage to run arbitrary code with System level privileges.

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” states the advisory.

The vulnerability which is tracked as CVE-2021-36958 is the yet another unpatched bug on its printer component on Microsoft Windows under the printnightmare umbrella.

Microsoft recommends to stopping and disabling the Print spooler service as a workaround for this vulnerability.

However, Microsoft has brought new changes to its point and print feature by restricting non-admin user to perform following activities.

  • Install new printers using drivers on a remote computer or server
  • Update existing printer drivers using drivers from remote computer or server

Workarounds

Determine if the Print Spooler service is running

Run the following in Windows PowerShell:

Get-Service -Name Spooler

If the Print Spooler is running or if the service is not disabled, follow these steps:

Stop and disable the Print Spooler service

If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

Impact of workaround Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1

Leave a Reply