Another Print Spooler Vulnerability Affects Windows System

Exploitation of this vulnerability allows arbitrary code to run with SYSTEM privileges on the system.
Microsoft has warned of a vulnerability affecting the Windows Print Spooler service.

The issue (CVE-2021-34481), rated 7.8 on the CVSS scale, is a local privilege escalation vulnerability. It is caused by the Windows Print Spooler service improperly performing privileged file operations.

Exploitation of this vulnerability allows arbitrary code to run with SYSTEM privileges on the system. The attacker can then install malware, view, modify or delete data, or create new accounts with full user rights. As the experts noted, successful exploitation requires that the attacker already be able to execute code on the victim's system.

As a measure to prevent exploitation of the vulnerability, Microsoft recommends that users disable the Print Spooler service. Experts are currently working on fixing this vulnerability.
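The following PowerShell function is an added example, not taken from the article or from Microsoft's advisory. It reports the current state of the Print Spooler service (service name `Spooler`) and, when asked, stops and disables it. The function name `Set-SpoolerMitigation` and its `-Apply` switch are hypothetical names chosen for this illustration.

```powershell
# Added example: audit and optionally disable the Print Spooler service.
# Set-SpoolerMitigation and -Apply are hypothetical names, not a Microsoft tool.
# Reporting works for any user; -Apply needs an elevated session.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Apply   # without -Apply the function only reports
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        Write-Warning 'Print Spooler service not found on this host.'
        return
    }

    # Remember the original settings so the change can be reverted later.
    $stateBefore = $svc.State
    $modeBefore  = $svc.StartMode

    if ($Apply -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        # Stop the running instance, then prevent it from starting at boot.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        StateBefore     = $stateBefore
        StartModeBefore = $modeBefore
        StateNow        = $svc.State
        StartModeNow    = $svc.StartMode
        # Mitigated only when the service is both stopped and unable to auto-start.
        Mitigated       = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
    }
}

# Report only:          Set-SpoolerMitigation
# Preview the change:   Set-SpoolerMitigation -Apply -WhatIf
# Apply the mitigation: Set-SpoolerMitigation -Apply
```

With the service stopped and disabled, the host can no longer print, either locally or as a print server, so record the `StartModeBefore` value if the setting is to be restored once a fix is installed.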

Recall that in early July this year, Microsoft released an emergency out-of-band security update that fixes a critical vulnerability in the Windows Print Spooler service. The vulnerability (CVE-2021-34527), dubbed PrintNightmare, allows a remote attacker to take control of vulnerable systems. The problem has been a popular topic of discussion among cybersecurity experts over the past few weeks. It first drew attention after Microsoft assigned two different vulnerabilities a single CVE identifier (CVE-2021-1675) and fixed only one of them, the less dangerous one.

On June 28, a group of Chinese researchers published their PoC exploit on GitHub, confident that the vulnerability had been fixed. Within a few hours, the PoC exploit was removed: by that time, the researchers had realized that the patch released by Microsoft fixed only one attack vector, the one involving privilege escalation. The issue of remote code execution to gain control of the system was still unresolved.

As a result, Microsoft recognized remote code execution as a separate vulnerability and assigned it its own CVE identifier. On July 6, the company released a fix for it.
