Microsoft shares guidance on new Windows Print Spooler vulnerability – BleepingComputer1 min read

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-guidance-on-new-windows-print-spooler-vulnerability/

Microsoft shares mitigations for Windows PrintNightmare zero-day bug

Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight.

Microsoft released an advisory Thursday night for a new CVE-2021-34481 elevation of privilege vulnerability in the Windows Print Spooler that Dragos security researcher Jacob Baines discovered.

Unlike the recently patched PrintNightmare vulnerability, this vulnerability can only be exploited locally to gain elevated privileges on a device.

“The attack is not really related to PrintNightmare. As you know, PN can be executed remotely and this is a local only vulnerability,” Baines confirmed to BleepingComputer.

Not much is known at this time about the vulnerability, including what versions of Windows are vulnerable.

However, Baines did share with BleepingComputer that it is printer driver-related.

Baines will be sharing more information about CVE-2021-34481 on August 7th during a DEF CON talk titled “Bring Your Own Print Driver Vulnerability.”

Mitigation measures available

While Microsoft has not released security updates to address this flaw, they have provided mitigation measures that admins can use to block attackers from exploiting the vulnerability.

At this time, the available option is to disable the Print Spooler service on a vulnerable device.

Option 1 – Disable the Print Spooler service

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

It is important to note that if you disable the print spooler on a device, the device will no longer print to a local or remote printer.

Leave a Reply

Your email address will not be published. Required fields are marked *