A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it is working to remediate the issue in an upcoming security update.
Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw, said the issue was disclosed to Microsoft in December 2020.
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
It's worth noting that the Windows maker has since released updates to change the default Point and Print behavior, effectively barring non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.
As workarounds, Microsoft is recommending that users stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability. The CERT Coordination Center, in a vulnerability note, is also advising users to block outbound SMB traffic to prevent connecting to a malicious shared printer.
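The two workarounds above, scripted as an added PowerShell example (not code from Microsoft, CERT/CC, or the original article): it stops and disables the Spooler service and, optionally, adds a host firewall rule blocking outbound SMB. The function name, the rule name, and the choice of TCP ports 445 and 139 for SMB are assumptions of this example; disabling the spooler turns off printing on that machine, and the firewall rule also cuts access to legitimate file shares.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the workarounds named in the article, idempotently.
function Set-SpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Also create a host firewall rule that blocks outbound SMB.
        [switch]$BlockOutboundSmb,
        # Constructed rule name (hypothetical, not taken from any advisory).
        [string]$RuleName = 'Block outbound SMB (Print Spooler workaround)'
    )

    $svc = Get-Service -Name Spooler -ErrorAction Stop

    # Workaround 1: stop the Print Spooler and keep it from starting again.
    if ($svc.Status -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
        Stop-Service -Name Spooler -Force
    }
    if ($svc.StartType -ne 'Disabled' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
        Set-Service -Name Spooler -StartupType Disabled
    }

    # Workaround 2: block outbound SMB so the host cannot connect to a
    # shared printer on a remote server. Assumption: SMB = TCP 445 and 139.
    if ($BlockOutboundSmb) {
        $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
        if (-not $rule -and
            $PSCmdlet.ShouldProcess($RuleName, 'Create outbound block rule')) {
            New-NetFirewallRule -DisplayName $RuleName -Direction Outbound `
                -Action Block -Protocol TCP -RemotePort 445, 139 | Out-Null
        }
    }

    # Report the resulting state so the change can be verified or logged.
    $svc = Get-Service -Name Spooler
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        SpoolerStatus    = $svc.Status
        SpoolerStartType = $svc.StartType
        OutboundSmbRule  = [bool](Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)
    }
}

# Dry run: shows what would change and prints the current state.
Set-SpoolerWorkaround -BlockOutboundSmb -WhatIf
```

Drop `-WhatIf` to apply the changes; the returned object shows whether the spooler is stopped and disabled and whether the block rule is present.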