Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks.
“Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print,” CERT Coordination Center’s Will Dormann said in an advisory published Sunday. “Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process.”
#printnightmare – Episode 4
You know what is better than a Legit Kiwi Printer?
Another Legit Kiwi Printer...
No prerequisite at all, you even don't need to sign drivers/package pic.twitter.com/oInb5jm3tE
— Benjamin Delpy (@gentilkiwi) July 16, 2021
Specifically, the flaw allows a threat actor to execute arbitrary code with SYSTEM privileges on a vulnerable Windows machine by connecting to a malicious print server under their control.
While there is no solution to the problem, CERT/CC recommends configuring “PackagePointAndPrintServerList” to prevent the installation of printers from arbitrary servers and blocking outbound SMB traffic at the network boundary, given that public exploits for the vulnerability utilize SMB for connectivity to a malicious shared printer.
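A defender can check whether a host has these two mitigations in place. The PowerShell below is an added example, not code from the article or from CERT/CC; the registry path, the ListofServers subkey and the function names are assumptions based on where Group Policy stores the approved-servers setting.

```powershell
# Added example: audit the two mitigations described above on the local host.
# Assumption: Group Policy writes the approved-servers setting under this key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'

function Get-ApprovedPrintServerPolicy {
    param([string]$Key = $PolicyKey)
    $result = [ordered]@{ Enabled = $false; Servers = @() }
    if (-not (Test-Path $Key)) { return [pscustomobject]$result }

    # A DWORD value of 1 means the approved-server restriction is switched on.
    $policy = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    $result.Enabled = ($policy.PackagePointAndPrintServerList -eq 1)

    # Assumption: approved servers are stored as string values in this subkey.
    $listKey = Join-Path $Key 'ListofServers'
    if (Test-Path $listKey) {
        $item = Get-Item -Path $listKey
        $result.Servers = @($item.GetValueNames() | ForEach-Object { $item.GetValue($_) })
    }
    [pscustomobject]$result
}

function Test-OutboundSmbBlocked {
    # True if an enabled outbound Block rule on the host firewall covers TCP 445.
    # Port ranges (for example '400-500') are not expanded, and a block enforced
    # at the network boundary is not visible from the host.
    $rules = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True `
        -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        $protoOk = $filter.Protocol -in 'TCP', 'Any'
        $portOk  = ($filter.RemotePort -contains '445') -or ($filter.RemotePort -contains 'Any')
        if ($protoOk -and $portOk) { return $true }
    }
    return $false
}

$policy = Get-ApprovedPrintServerPolicy
if (-not $policy.Enabled) {
    Write-Warning 'PackagePointAndPrintServerList is not enabled: printers can be installed from arbitrary servers.'
} else {
    Write-Output ("Approved print servers: " + ($policy.Servers -join ', '))
}
if (-not (Test-OutboundSmbBlocked)) {
    Write-Warning 'No host firewall rule blocks outbound TCP 445; confirm SMB is blocked at the network boundary.'
}
```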
The new issue is only the latest evidence of the fallout after the PrintNightmare flaw accidentally became public last month, leading to the discovery of a number of vulnerabilities affecting the Print Spooler service.
Given the lack of details surrounding CVE-2021-34481 — the local privilege escalation (LPE) flaw reported by security researcher Jacob Baines — it’s not immediately clear what connection, if any, the vulnerability and this new Print Spooler signature-check bypass that also allows for LPE may have with one another.
When reached for a response, a Microsoft spokesperson told The Hacker News that “we’re investigating reports and will take appropriate action as needed to help keep customers protected.”