Microsoft is sharing mitigation steering on a brand new Home windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight.
Microsoft launched an advisory Thursday night time for a brand new CVE-2021-34481 elevation of privilege vulnerability within the Home windows Print Spooler that Dragos safety researcher Jacob Baines found.
In contrast to the just lately patched PrintNightmare vulnerability, this vulnerability can solely be exploited regionally to achieve elevated privileges on a tool.
“The assault isn’t actually associated to PrintNightmare. As you realize, PN may be executed remotely and it is a native solely vulnerability,” Baines confirmed to BleepingComputer.
Not a lot is thought at the moment in regards to the vulnerability, together with what variations of Home windows are susceptible.
Nevertheless, Baines did share with BleepingComputer that it’s printer driver-related.
Baines will likely be sharing extra details about CVE-2021-34481 on August seventh throughout a DEF CON discuss titled “Bring Your Own Print Driver Vulnerability.”
Mitigation measures accessible
Whereas Microsoft has not launched safety updates to handle this flaw, they’ve offered mitigation measures that admins can use to dam attackers from exploiting the vulnerability.
Right now, the accessible possibility is to disable the Print Spooler service on a susceptible machine.
Possibility 1 – Disable the Print Spooler service
If disabling the Print Spooler service is suitable in your enterprise, use the next PowerShell instructions:
Cease-Service -Identify Spooler -Drive
Set-Service -Identify Spooler -StartupType Disabled
It is very important be aware that when you disable the print spooler on a tool, the machine will not print to an area or distant printer.