[ad_1]
Microsoft has recognized the third printer vulnerability in Windows in the past month.
“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” explains Microsoft’s description of CVE-2021-34481, the third printer vulnerability. “An attacker who successfully exploited this vulnerability could execute arbitrary code with SYSTEM privileges. An attacker could then install programs; view, modify or delete data; or create new accounts with full user rights.
If this sounds familiar to you, it’s because this description is almost identical to that of PrintNightmare, the first printer vulnerability she recognized in early July. And while Microsoft has released two hotfixes to correct this problem, none seem to be effective. And the advice, repeated in CVE-2021-34481, remains the same: to be truly safe from these vulnerabilities, you should stop and then deactivate the Print Spooler service.
The problem? This disables the ability to print. As Microsoft explains, the Print Spooler service is what manages print jobs, print queues, loading the correct printer drivers, and more. It’s a useful feature, obviously, but it’s also been the target of hackers for years.
Microsoft says it is working on a security update to resolve CVE-2021-34481, just as it did with the two previous exploits. But given the severity of these exploits, you might just want to stop and then disable the Print Spooler service for now (as described in the Workarounds section of this vulnerability disclosure). And if you are an IT administrator, you should also consider restricting the installation of new printer drivers.
Tagged with Security
[ad_2]
Source link