Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

July 23, 2021
windows printer spooler vulnerability

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability within the Home windows Print Spooler service, presumably one more zero-day flaw in the identical element has come to mild, making it the fourth printer-related shortcoming to be found in current weeks.

“Microsoft Home windows permits for non-admin customers to have the ability to set up printer drivers by way of Level and Print,” CERT Coordination Heart’s Will Dormann said in an advisory printed Sunday. “Printers put in by way of this system additionally set up queue-specific recordsdata, which could be arbitrary libraries to be loaded by the privileged Home windows Print Spooler course of.”

Stack Overflow Teams

An exploit for the vulnerability was disclosed by safety researcher and Mimikatz creator Benjamin Delpy.

Particularly, the flaw permits a risk actor to execute arbitrary code with SYSTEM privileges on a susceptible Home windows machine by connecting to a malicious print server beneath their management.

Whereas there isn’t any resolution to the issue, CERT/CC recommends configuring “PackagePointAndPrintServerList” to forestall the set up of printers from arbitrary servers and blocking outbound SMB site visitors on the community boundary, on condition that public exploits for the vulnerability make the most of SMB for connectivity to a malicious shared printer.

Enterprise Password Management

The brand new challenge is barely the newest proof of the fallout after the PrintNightmare flaw by accident turned public final month, resulting in the invention of plenty of vulnerabilities affecting the Print Spooler service.

Given the shortage of particulars surrounding CVE-2021-34481 — the native privilege escalation (LPE) flaw reported by safety researcher Jacob Baines — it’s not immediately clear what connection, if any, the vulnerability and this new Print Spooler signature-check bypass that additionally permits for LPE might have with each other.

When reached for a response, a Microsoft spokesperson informed The Hacker Information that “we’re investigating experiences and can take applicable motion as wanted to assist maintain prospects protected.”

Posted in SecurityTags:
Write a comment