A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it is working to remediate the issue in an upcoming security update.
Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw, said the issue was disclosed to Microsoft in December 2020.
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
It's worth noting that the Windows maker has since released updates to change the default Point and Print behavior, effectively barring non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.
As workarounds, Microsoft is recommending users to stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability. The CERT Coordination Center, in a vulnerability note, is also advising users to block outbound SMB traffic to prevent connecting to a malicious shared printer.
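The two workarounds above can be applied and verified from an elevated PowerShell session. The script below is an added example, not code from Microsoft or CERT/CC; the firewall rule name, the choice of a host-level Windows Firewall rule, and the port list (TCP 445 and 139) are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the Print Spooler and outbound SMB workarounds and reports the result.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical rule name chosen for this example.
    [string]$RuleName = 'Block outbound SMB (Print Spooler workaround)',
    # Assumption: SMB over TCP 445 plus the NetBIOS session service on TCP 139.
    [string[]]$SmbPorts = @('445', '139')
)

# Workaround 1: stop and disable the Print Spooler service.
# Side effect: the host can no longer print, locally or remotely.
$spooler = Get-Service -Name Spooler -ErrorAction Stop
if ($spooler.Status -ne 'Stopped' -and
    $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
    Stop-Service -Name Spooler -Force
}
if ($spooler.StartType -ne 'Disabled' -and
    $PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
    Set-Service -Name Spooler -StartupType Disabled
}

# Workaround 2: block outbound SMB so the host cannot connect to a remote shared printer.
# Side effect: this also blocks access to legitimate file shares from this host.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $existing -and
    $PSCmdlet.ShouldProcess($RuleName, 'Create outbound block rule')) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
        -Protocol TCP -RemotePort $SmbPorts | Out-Null
}

# Re-read the state so the report reflects what is actually configured.
$spooler = Get-Service -Name Spooler
$rule    = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
[pscustomobject]@{
    SpoolerStatus    = $spooler.Status
    SpoolerStartType = $spooler.StartType
    SmbBlockRule     = [bool]$rule
    SmbRuleEnabled   = if ($rule) { $rule.Enabled } else { $null }
}
```

Running the script with `-WhatIf` lists the changes it would make without applying them; the final report still shows the current state.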