This week Microsoft disclosed a new PrintNightmare bug, the latest in a string of such bugs in 2021. Like the others that appeared earlier this year, it is a Print Spooler service bug, and Microsoft suggests that admins disable the Print Spooler until a fix can be sent out. And yes, Microsoft did just release an August 10, 2021 patch that attempted to adjust the Print Spooler service to avoid something like this.
This latest in a line of Print Spooler bugs was disclosed by Microsoft in an August 11, 2021 security vulnerability alert. In the alert, titled “Windows Print Spooler Remote Code Execution Vulnerability”, Microsoft tracks the issue as CVE-2021-36958. User interaction is required to exploit this bug, so there’s little worry of an exploit on a machine that’s sitting around idle.
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” according to the Microsoft vulnerability guide. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
To exploit this vulnerability, the attacker must have access to the computer’s read/write/execute capabilities. If the attacker does not have remote access or local access (physical access), they must rely on a secondary action, like the opening of a malicious file that then enables remote access.
After the attacker gains access to the computer via this vulnerability, Microsoft suggests there is a potential for “total loss of confidentiality” and “total loss of integrity, or complete loss of protection,” and a “total loss of availability” for the targeted machine.
To keep attackers from exploiting this vulnerability, Microsoft recommends that users stop and disable the Print Spooler service on their computer. Microsoft is working on a fix for this latest of several Print Spooler-related bugs, and a security update will likely be available shortly.
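
The stop-and-disable workaround described above can be applied and verified from an elevated PowerShell session. This is an added example, not code from Microsoft or from the original article; the function name `Disable-PrintSpooler` is hypothetical, and `Spooler` is the Windows service name of the Print Spooler.

```powershell
#Requires -RunAsAdministrator
# Added example: stop and disable the Print Spooler, then confirm the result.
# Disabling the spooler turns off local and remote printing on this machine.

function Disable-PrintSpooler {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ServiceName = 'Spooler'   # service name of the Print Spooler
    )

    # Fail early if the service does not exist on this host.
    $before = Get-Service -Name $ServiceName -ErrorAction Stop
    Write-Verbose "Before: Status=$($before.Status) StartType=$($before.StartType)"

    # Stop the running service; -Force also stops dependent services.
    if ($before.Status -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess($ServiceName, 'Stop service')) {
        Stop-Service -Name $ServiceName -Force -ErrorAction Stop
    }

    # Disable it so it does not come back after a reboot or on demand.
    if ($before.StartType -ne 'Disabled' -and
        $PSCmdlet.ShouldProcess($ServiceName, 'Set startup type to Disabled')) {
        Set-Service -Name $ServiceName -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the service state instead of assuming the calls succeeded.
    $after = Get-Service -Name $ServiceName
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Service      = $ServiceName
        Status       = $after.Status
        StartType    = $after.StartType
        Mitigated    = ($after.Status -eq 'Stopped' -and
                        $after.StartType -eq 'Disabled')
    }
}

# Preview the changes with -WhatIf first, then apply them.
Disable-PrintSpooler -WhatIf
Disable-PrintSpooler -Verbose
```

Once a fixed update is installed, printing can be restored with `Set-Service -Name Spooler -StartupType Automatic` followed by `Start-Service -Name Spooler`.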