Date: 2021-07-17



Microsoft suggests disabling the Windows print spooler after a new bug is discovered

Microsoft is investigating a new vulnerability in the Windows Print Spooler service and recommends that IT professionals disable the service as a temporary measure, although doing so results in loss of printing functionality.

IT professionals may already be vigilant, as Microsoft has released two patches for security issues in Windows Print Spooler that were previously rated as “Critical.” This new vulnerability is a privilege elevation vulnerability in Windows Print Spooler and is documented in Microsoft’s CVE-2021-34481 security bulletin.

According to the CVE-2021-34481 security bulletin, the new vulnerability has been publicly disclosed but has not yet been exploited.

No patches available yet

CVE-2021-34481 is currently under investigation by Microsoft and no patches are available. The only mitigation is a temporary workaround: disabling the Windows Print Spooler service.
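The workaround of disabling the Print Spooler service can be applied and verified from an elevated PowerShell session. The following is an added example, not code from the article or from Microsoft's bulletin; the function names `Get-SpoolerState` and `Disable-PrintSpoolerWorkaround` are hypothetical helpers, and the final line is a dry run that changes nothing.

```powershell
#Requires -RunAsAdministrator
# Added example: apply and verify the "disable Print Spooler" workaround locally.
# Function names are hypothetical helpers, not Microsoft cmdlets.

function Get-SpoolerState {
    # Win32_Service exposes both the run state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        # Service not present on this host: nothing to disable.
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; State = 'NotInstalled'; StartMode = 'NotInstalled' }
    }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
    }
}

function Disable-PrintSpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $before = Get-SpoolerState
    if ($before.State -eq 'NotInstalled' -or
        ($before.State -eq 'Stopped' -and $before.StartMode -eq 'Disabled')) {
        Write-Verbose 'Spooler absent or already stopped and disabled.'
        return $before
    }

    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        # Stop the running instance, then prevent it from starting at boot.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the state so the result reflects what the system actually reports.
    $after = Get-SpoolerState
    if (-not $WhatIfPreference -and
        ($after.State -ne 'Stopped' -or $after.StartMode -ne 'Disabled')) {
        Write-Warning "Spooler is still $($after.State)/$($after.StartMode) on $($after.Computer)"
    }
    $after
}

# Dry run: shows what would change without touching the service.
# To roll back later: Set-Service -Name Spooler -StartupType Automatic; Start-Service -Name Spooler
Disable-PrintSpoolerWorkaround -WhatIf
```

Remove `-WhatIf` to apply the change; printing from and through that machine stops until the service is re-enabled.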

The vulnerability appears serious, with a Common Vulnerability Scoring System (CVSS) score of 7.8 out of 10. The bulletin explains:

An attacker who successfully exploited this vulnerability could execute arbitrary code with SYSTEM privileges. An attacker could then install programs; view, modify, or delete data; or create new accounts with full user privileges.

Security solutions company Sophos discussed CVE-2021-34481 in this commentary, which explained why privilege escalation flaws aren’t as bad as remote code execution flaws, although both are pretty bad.

The CVE-2021-34481 security bulletin indicates that Microsoft is working on a patch, but suggests that its release may follow Microsoft’s usual monthly “update Tuesday” rhythm. Update Tuesday is the second Tuesday of every month, so patches may arrive on August 10, but Microsoft hasn’t specified a timing.

Although CVE-2021-34481 is said to be different from PrintNightmare, security researchers may have flashed back to the Windows print spooler vulnerability called “PrintNightmare.”

Microsoft acknowledged Jacob Baines, a software reverse engineer, for discovering CVE-2021-34481. However, Mr. Baines was surprised at the mention in a Twitter post, stating that he did not make a coordinated disclosure with Microsoft. He said he did not consider CVE-2021-34481 a variant of PrintNightmare and plans to talk about it at the security event DEF CON. The next DEF CON event is scheduled for August.

The Windows print spooler has recently become a punching bag for security researchers. Microsoft initially issued a patch for a Windows Print Spooler vulnerability (CVE-2021-1675), rated “Important,” on June 8th as part of its regular update Tuesday security patch bundle. A few weeks later, CVE-2021-1675 was upgraded to a “Critical”-rated remote code execution vulnerability.

On July 6, Microsoft released an “out-of-band” (unplanned) patch for a Windows Print Spooler remote code execution vulnerability (CVE-2021-34527). The vulnerability could allow an attacker to execute code with SYSTEM privileges. However, security researchers said the Microsoft patch did not fix the local privilege escalation scenario.

On July 8, the Microsoft Security Response Center team responded to such claims and declared the CVE-2021-34527 patch to be “effective.” The team suggested that some people had just set the registry settings incorrectly.

Kevin Beaumont, a security researcher and former Microsoft employee, commented on the July 15th disclosure of the CVE-2021-34481 Windows Print Spooler vulnerability. “I knew it wasn’t fixed, but tweeted a statement saying it was fixed,” Beaumont said of the Windows print spooler issue in a Twitter thread.

So far, Microsoft seems to have announced the new CVE-2021-34481 vulnerability only through a Twitter post from the Microsoft Security Response Center on July 15th. Beaumont hinted at a “new MSRC piece” on this topic, but it wasn’t available at press time.

