Microsoft Suggests Disabling Windows Print Spooler After New Bug Discovered
Microsoft is investigating a new vulnerability in the Windows print spooler service and is recommending that IT pros disable it, if possible, as an interim measure, though doing so eliminates the ability to print.
IT pros may already be on high alert as Microsoft has previously released two patches for “Critical”-rated Windows print spooler security issues. This new vulnerability is an elevation-of-privilege vulnerability in Windows print spooler and is described in Microsoft’s CVE-2021-34481 security bulletin.
The new vulnerability has been publicly disclosed, but it hasn’t yet been exploited, per the CVE-2021-34481 security bulletin’s description.
No Patch Available Yet
CVE-2021-34481 is currently under investigation by Microsoft and there is no patch available. There’s only a temporary “workaround” solution of disabling the Windows print spooler service.
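The interim workaround described above, as an added PowerShell example (not the article's or Microsoft's own script): it records the Spooler service's current state, stops and disables the service, and verifies the result. The state-file path is an assumption, and the script must run in an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the interim workaround (disable the Print Spooler service)
# and keep a record so the original state can be restored once a patch ships.

$ServiceName = 'Spooler'
# Assumed location for the state record (not from the article).
$StateFile = Join-Path $env:ProgramData 'spooler-state-before-workaround.json'

$svc = Get-Service -Name $ServiceName -ErrorAction Stop
$cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"

# Save the original state only once, so re-running does not overwrite it.
if (-not (Test-Path $StateFile)) {
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Recorded  = (Get-Date).ToString('o')
        Status    = $svc.Status.ToString()
        StartMode = $cim.StartMode      # Auto, Manual or Disabled
    } | ConvertTo-Json | Set-Content -Path $StateFile -Encoding UTF8
}

# Stop the service if it is running, then prevent it from starting again.
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $ServiceName -Force -ErrorAction Stop
}
Set-Service -Name $ServiceName -StartupType Disabled -ErrorAction Stop

# Verify that the workaround actually took effect.
$after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if ($after.State -eq 'Stopped' -and $after.StartMode -eq 'Disabled') {
    Write-Output "$ServiceName is stopped and disabled on $env:COMPUTERNAME; printing is unavailable until it is re-enabled."
} else {
    Write-Error "$ServiceName is still $($after.State) / $($after.StartMode); workaround not applied."
}
```

The saved StartMode value shows which startup type to set again with Set-Service once a patch is installed.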
The vulnerability appears to be a bad one, with a Common Vulnerability Scoring System rating of 7.8 out of 10. Here’s how the security bulletin described it:
An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Security solutions firm Sophos noted the CVE-2021-34481 vulnerability in this commentary. It explained why an elevation-of-privilege software flaw isn’t as bad as a remote code execution software flaw, even though both are pretty bad.
The CVE-2021-34481 security bulletin indicated that Microsoft is working on a patch, but suggested that its release may happen according to Microsoft’s normal “monthly Update Tuesday cadence.” Update Tuesdays fall on the second Tuesday of each month, so a patch possibly could arrive on Aug. 10, but Microsoft didn’t specify timing.
Security researchers may be having flashbacks to the Windows print spooler vulnerabilities dubbed “PrintNightmare,” though CVE-2021-34481 is said to be different from PrintNightmare.
Microsoft credited Jacob Baines, a software reverse engineer, for discovering CVE-2021-34481. However, Baines indicated in a Twitter post that he didn’t do coordinated disclosure with Microsoft and was surprised by the mention. He said that he doesn’t consider CVE-2021-34481 to be a PrintNightmare variant and is planning to talk about it at DEF CON, a security event. The next DEF CON event is scheduled for August.
The Windows print spooler lately has been a punching bag for security researchers. Microsoft initially issued a patch for an “Important”-rated Windows print spooler vulnerability (CVE-2021-1675) on June 8, as part of its regular update Tuesday security patch bundle. Weeks later, it upgraded the severity of CVE-2021-1675 to a Critical-rated remote code execution vulnerability.
On July 6, Microsoft released an “out-of-band” (unscheduled) patch for a Windows print spooler remote code execution vulnerability (CVE-2021-34527). This vulnerability also could enable an attacker to run code with system privileges. Security researchers had said, though, that Microsoft’s patch didn’t fix a local privilege escalation scenario.
On July 8, the Microsoft Security Response Center team responded to such claims and declared that the patch for CVE-2021-34527 was “effective.” Some people just had set their Registry settings wrong, the team suggested.
The July 15 disclosure of the CVE-2021-34481 Windows print spooler vulnerability elicited commentary from Kevin Beaumont, a security researcher and former Microsoft employee. Regarding the Windows print spooler issues, Beaumont said that Microsoft had “VPs tweeting out statements saying it was fixed, when they knew it wasn’t,” according to this Twitter post thread.
Microsoft seems to have only given public notice of the new CVE-2021-34481 vulnerability so far via this July 15 Microsoft Security Response Center Twitter post. Beaumont had alluded to a “new MSRC piece” on the topic, but it wasn’t available at press time.
Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.