Another Print Spooler Vulnerability Affects Windows System

Exploitation of this vulnerability allows arbitrary code to run with SYSTEM privileges on the system.
Microsoft has warned of a vulnerability affecting the Windows Print Spooler service.

The issue (CVE-2021-34481), rated 7.8 on the CVSS scale, is a local privilege escalation vulnerability. It stems from improper handling of privileged file operations by the Windows Print Spooler.

Exploitation of this vulnerability allows arbitrary code to run with SYSTEM privileges on the system. The attacker can then install malware; view, modify or delete data; or create new accounts with full user rights. As the experts noted, successful exploitation requires that the attacker already be able to execute code on the victim's system.

As a workaround until a patch is available, Microsoft recommends that users stop and disable the Print Spooler service. Experts are currently working on fixing this vulnerability.
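The workaround above, applied and verified from an elevated PowerShell session, as an added example that is not part of the original article or of Microsoft's guidance. It assumes the standard Windows service name `Spooler` and a host that does not need to print or to act as a print server.

```powershell
# Added example: apply the recommended workaround (stop and disable the
# Print Spooler service) and verify the result. Run as Administrator.
# Assumes the standard service name "Spooler".

$svc = Get-Service -Name Spooler -ErrorAction Stop

# Record the state before changing anything, so the change can be reversed.
"Before: Status={0} StartType={1}" -f $svc.Status, $svc.StartType

if ($svc.Status -eq 'Running') {
    # Stop the service now; -Force also stops dependent services.
    Stop-Service -Name Spooler -Force
}

# Prevent the service from starting again at boot.
Set-Service -Name Spooler -StartupType Disabled

$after = Get-Service -Name Spooler
"After:  Status={0} StartType={1}" -f $after.Status, $after.StartType

# Verification: flag the host as still exposed if either condition fails.
if ($after.Status -ne 'Stopped' -or $after.StartType -ne 'Disabled') {
    Write-Warning "Print Spooler is still enabled or running on $env:COMPUTERNAME"
} else {
    "Print Spooler disabled on $env:COMPUTERNAME"
}
```

The check at the end matters because an earlier Group Policy or a management agent may re-enable the service; re-run the verification block after a reboot. To revert once a patch has been applied, set the startup type back (`Set-Service -Name Spooler -StartupType Automatic`) and start the service with `Start-Service -Name Spooler`.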

Recall that in early July this year, Microsoft released an emergency out-of-band security update that fixes a critical vulnerability in the Windows Print Spooler service. The vulnerability (CVE-2021-34527), dubbed PrintNightmare, allows a remote attacker to take control of vulnerable systems. The problem has been a popular topic of discussion among cybersecurity experts over the past few weeks. It was first talked about after Microsoft assigned a single CVE identifier (CVE-2021-1675) to two different vulnerabilities and fixed only one of them, the less dangerous one.

On June 28, a group of Chinese researchers published their PoC exploit on GitHub, confident that the vulnerability had been fixed. Within a few hours, the PoC exploit was removed: by that time, the researchers had realized that the patch released by Microsoft only fixed one attack vector, the privilege escalation. The remote code execution path to gain control of the system was still unresolved.

As a result, Microsoft recognized remote code execution as a separate vulnerability and assigned it its own CVE identifier. On July 6, the company released a fix for it.
