This week Microsoft disclosed a new PrintNightmare bug, the latest in a string of such bugs in 2021. Much like the others that appeared earlier this year, this is a Print Spooler service bug, and Microsoft suggests that admins go ahead and disable the Print Spooler until a fix can be sent out. And yes, Microsoft did release an August 10, 2021 patch that attempted to adjust the Print Spooler service to avoid something like this.
Microsoft disclosed this latest in the line of Print Spooler bugs in an August 11, 2021 security vulnerability alert. In the alert, titled “Windows Print Spooler Remote Code Execution Vulnerability”, Microsoft tracks the issue as CVE-2021-36958. User interaction is required for this bug, so there’s little worry of an exploit on a machine that’s sitting around idle.
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” according to the Microsoft vulnerability guide. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The attacker must have access to the computer’s read/write/execute capabilities to exploit this vulnerability. If the attacker doesn’t have remote access or local (physical) access, they need to rely on a secondary action, such as the opening of a malicious file that enables remote access.
After the attacker gains access to the PC via this vulnerability, Microsoft suggests there’s a possibility for “total loss of confidentiality” and “total loss of integrity, or complete loss of protection,” and a “total loss of availability” for the targeted machine.
To keep malicious attackers from exploiting this vulnerability, Microsoft recommends that users stop and disable the Print Spooler service on their computers. Microsoft is working on a fix for this latest of several Print Spooler-related bugs, and a security update will likely be available shortly.
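
One way to apply and verify the stop-and-disable workaround from an elevated PowerShell session. This is an added example, not code from the article or from Microsoft's alert as quoted here; the function name `Disable-PrintSpooler` is hypothetical. It assumes the service has its default name, `Spooler`.

```powershell
#Requires -RunAsAdministrator
# Added example: stop and disable the Print Spooler service, then confirm the result.
# With the spooler disabled, this machine can no longer print locally or remotely.

function Disable-PrintSpooler {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output 'Spooler service not present; nothing to do.'
        return
    }

    # Stop the running service (-Force also stops dependent services).
    if ($svc.Status -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
    }

    # Keep it from starting again at boot or on demand.
    if ($PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the state so the report reflects what is actually configured,
    # not what the commands above were asked to do.
    $state = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        State        = $state.State
        StartMode    = $state.StartMode
        Mitigated    = ($state.State -eq 'Stopped' -and
                        $state.StartMode -eq 'Disabled')
    }
}

Disable-PrintSpooler
```

Run `Disable-PrintSpooler -WhatIf` first to preview the changes without applying them; once a fix is installed, the service can be re-enabled with `Set-Service -Name Spooler -StartupType Automatic` followed by `Start-Service -Name Spooler`.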