Following the release just two days ago, Microsoft revealed another security flaw in Windows Print Spooler, but promised to fix it in a future security update.
The vulnerability described in CVE-2021-36958 is also known as PrintNightmare. It was first discovered in December 2020 by Victor Mata of FusionX, Accenture Security.
Microsoft explains everything in one bulletin, with particular emphasis on the recently discovered vulnerability CVE-2021-34481. According to the company, this is a vulnerability that allows remote code execution when the Windows Print Spooler service improperly performs privileged file operations on a vulnerable Windows system.
The company says that an attacker who exploited the vulnerability could gain administrator access to the machine. A remote attacker could then edit, read, or remove information on the user's computer, and even create new accounts with full user rights on the target computer.
To avoid all this, Microsoft advises users (here we go again) to stop and disable the Print Spooler service.
It is important to mention that with the recent Microsoft update, it is now possible to change the default behavior of Windows Point and Print, so that new and existing printer drivers can be installed and updated only by users with administrator privileges.
However, this does not cover everyone. So Microsoft once again proposes stopping and disabling the Print Spooler service on computers (if the head hurts, cut off the head).
According to the Computer Emergency Response Team (CERT), users should also disable outbound SMB connectivity to avoid connecting to a shared printer.
In addition, the company advises all users to install all the latest security updates (even if they do not work).
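The two Microsoft mitigations described above (disabling the Print Spooler service and restricting Point and Print driver installation to administrators) can be checked and applied from an elevated PowerShell session. This is an added example, not a script from Microsoft or from the original article; the `$Apply` variable is this example's own, and it assumes the Point and Print restriction is stored in the documented `RestrictDriverInstallationToAdministrators` policy value.

```powershell
# Added example: report, and optionally apply, the Print Spooler mitigations.
# Run from an elevated PowerShell session.
$Apply = $false   # example's own switch: set to $true to change the system

# Point and Print policy location (assumption: documented policy value name)
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$val = 'RestrictDriverInstallationToAdministrators'

function Get-SpoolerMitigationState {
    # Service state via CIM so StartMode is available on older PowerShell too
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # Returns $null when the key or value does not exist
    $policy = (Get-ItemProperty -Path $key -Name $val -ErrorAction SilentlyContinue).$val

    [pscustomobject]@{
        SpoolerState     = $svc.State        # Running / Stopped
        SpoolerStartMode = $svc.StartMode    # Auto / Manual / Disabled
        SpoolerDisabled  = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
        # 1 = only administrators may install drivers, 0 = restriction switched off,
        # empty = value not set, so the operating system default applies
        PointAndPrintRestrict = $policy
        RestrictionOverridden = ($policy -eq 0)
    }
}

Write-Output 'Before:'
Get-SpoolerMitigationState | Format-List

if ($Apply) {
    # Stopping the spooler disables local and remote printing on this machine
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled

    # Make the administrator-only driver installation explicit
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    Set-ItemProperty -Path $key -Name $val -Value 1 -Type DWord

    Write-Output 'After:'
    Get-SpoolerMitigationState | Format-List
}
```

With `$Apply` left at `$false` the script only reports, which makes it usable as a periodic check that the service has not been re-enabled or the policy value reset to 0.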