A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it is working to remediate the issue in an upcoming security update.
Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw, said the issue was disclosed to Microsoft in December 2020.
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
It is worth noting that the Windows maker has since released updates to change the default Point and Print behavior, effectively barring non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.
As workarounds, Microsoft is recommending that users stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability. The CERT Coordination Center, in a vulnerability note, is also advising users to block outbound SMB traffic to prevent connecting to a malicious shared printer.
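
The two workarounds above, as an added PowerShell example (not code from Microsoft's bulletin or the CERT/CC note): it stops and disables the Print Spooler service, optionally adds a host firewall rule blocking outbound SMB, and reports the resulting state. The function name, the rule name and the choice of TCP ports 445 and 139 are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example; Set-SpoolerWorkaround and the rule name are hypothetical names.
function Set-SpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Also create a host firewall rule dropping outbound SMB.
        # Assumption: this host does not need to reach any SMB file share;
        # otherwise block SMB at the network boundary instead.
        [switch]$BlockOutboundSmb,
        [string]$RuleName = 'Example - Block outbound SMB'
    )

    $svc = Get-Service -Name Spooler -ErrorAction Stop

    # Stop the running service, then keep it from starting at boot.
    # Side effect: the host can no longer print, locally or remotely.
    if ($svc.Status -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
        Stop-Service -Name Spooler -Force
    }
    if ($PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
        Set-Service -Name Spooler -StartupType Disabled
    }

    # Create the block rule only once, so the function is safe to re-run.
    $existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($BlockOutboundSmb -and -not $existing -and
        $PSCmdlet.ShouldProcess($RuleName, 'Create outbound block rule')) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Outbound `
            -Action Block -Protocol TCP -RemotePort 445, 139 | Out-Null
    }

    # Report the resulting state so the change can be verified and logged.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $rule  = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        SpoolerState = $after.State
        SpoolerStart = $after.StartMode
        SmbBlockRule = [bool]$rule
    }
}

# Dry run: shows what would change and prints the current state.
Set-SpoolerWorkaround -BlockOutboundSmb -WhatIf
```

Remove `-WhatIf` to apply the change; to revert after a fix is installed, set the service back to `Automatic`, start it, and delete the firewall rule.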