Now there’s a new Windows Print Spooler vulnerability: Here’s what to do

Chris Davies - Jul 16, 2021, 8:26am CDT
Now there’s a new Windows Print Spooler vulnerability: Here’s what to do

Microsoft is warning Windows users of yet another Print Spooler vulnerability, again threatening the potential for hackers to take control of your PC, install apps, and steal or delete data. It’s the third such vulnerability impacting the Windows Print Spooler service, after two high-profile PrintNightmare bugs which left the software giant floundering to figure out a fix.

Those previous fixes were, finally, deployed earlier this month. Microsoft even went so far as to develop updates for versions of the OS as far back as Windows 7, despite that being officially out of security update support, underscoring just how widespread – and potentially dangerous – the PrintNightmare vulnerability was.

Now, though, a third problem with the Windows Print Spooler has been spotted, and the perils of leaving it unchecked sound mighty familiar. According to CVE-2021-34481, freshly published in Microsoft’s security vulnerability database, this new “Windows Print Spooler Elevation of Privilege Vulnerability” could lead to the same rogue code and admin privileges from unauthorized users. For now, too, the workaround is disappointingly familiar too.

“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft explains. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

“An attacker must have the ability to execute code on a victim system to exploit this vulnerability,” Microsoft adds.

Right now, though the exploit has been publicly disclosed, Microsoft says it has no knowledge of it actually being used in the wild. However, that’s more likely now, the software company concedes.

Unfortunately for those using Windows, there’s no definitive patch to install and address the issue, at least not yet. Instead, Microsoft says, “the workaround for this vulnerability is stopping and disabling the Print Spooler service.” There are instructions on how to do that at the security update, though it’s worth noting that – unsurprisingly – you’ll lose the ability to print both locally and remotely once the Print Spooler service is shut down.

Exactly which versions of Windows the new vulnerability impacts is still being investigated, Microsoft says. It’s an embarrassing situation for the company to find itself in again, especially given that its initial fixes for the previous PrintNightmare problems were picked apart by security researchers.


Must Read Bits & Bytes