Microsoft on Thursday shared recent steerage on yet one more vulnerability affecting the Home windows Print Spooler service, stating that it is working to handle it in an upcoming safety replace.
Tracked as CVE-2021-34481 (CVSS rating: 7.8), the difficulty considerations a neighborhood privilege escalation flaw that might be abused to carry out unauthorized actions on the system. The corporate credited safety researcher Jacob Baines for locating and reporting the bug.
“An elevation of privilege vulnerability exists when the Home windows Print Spooler service improperly performs privileged file operations. An attacker who efficiently exploited this vulnerability might run arbitrary code with SYSTEM privileges,” the Home windows maker mentioned in its advisory. “An attacker might then set up packages; view, change, or delete knowledge; or create new accounts with full consumer rights.”
Nevertheless, it is price declaring that profitable exploitation of the vulnerability requires the attacker to have the flexibility to execute code on a sufferer system. In different phrases, this vulnerability can solely be exploited regionally to realize elevated privileges on a tool.
As workarounds, Microsoft is recommending customers to cease and disable the Print Spooler service to stop malicious actors from exploiting the vulnerability.
The event comes days after the Redmond-based agency rolled out patches to handle a vital shortcoming in the identical part that it disclosed as being actively exploited to stage in-the-wild assaults.
Dubbed PrintNightmare (CVE-2021-34527), the vulnerability stems from a lacking permission verify within the Print Spooler that permits the set up of malicious print drivers to attain distant code execution or native privilege escalation on susceptible techniques.
Nevertheless, it later emerged that the out-of-band safety replace might be solely bypassed beneath particular situations to realize each native privilege escalation and distant code execution. Microsoft has since mentioned the fixes had been “working as designed and is efficient towards the recognized printer spooling exploits and different public reviews collectively being known as PrintNightmare.”