Just two days after releasing its latest update, Microsoft has disclosed another security loophole in Windows Print Spooler and promised to fix it in a future security update.
The vulnerability is described in CVE-2021-36958 and is also known as PrintNightmare. It was first discovered in December 2020 by Victor Mata of FusionX, Accenture Security.
Microsoft explains everything in a single bulletin, with particular emphasis on the recently discovered vulnerability CVE-2021-34481. According to the company, this is a vulnerability that allows remote code execution when the Windows Print Spooler service improperly performs privileged file operations on a vulnerable Windows system.
The company says that an attacker who took advantage of the vulnerability could gain administrator access to the machine. A remote attacker could then edit, read, or remove information on the user's computer, and even create new accounts with full user rights.
To avoid all this, Microsoft advises users (here we go again) to stop and disable the Print Spooler service.
It is important to mention that with the recent Microsoft update, it is now possible to change the default behavior of Windows Point and Print, so that new and existing printer drivers can be installed and updated only by users with administrator privileges.
However, the update does not cover everything. So Microsoft, this time and once again, recommends stopping and disabling the Print Spooler service on computers (head hurts, cut off the head).
According to the Computer Emergency Response Team (CERT), users should also disable outbound SMB connectivity to avoid connecting to a shared printer.
In addition, the company advises all users to install all the latest security updates (even if they do not work).
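The following PowerShell audit is an added example, not code from the article or from Microsoft. It reports whether the three mitigations described above (Print Spooler stopped and disabled, Point and Print driver installation limited to administrators, outbound SMB blocked) are in place on the local machine. The function names are hypothetical; the registry value name comes from Microsoft's Point and Print guidance rather than from this article, and the check assumes the update mentioned above is installed.

```powershell
# Added example: audits the mitigations discussed in the article.
# Run from an elevated Windows PowerShell 5.1+ session. Function names are hypothetical.

function Get-SpoolerState {
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    [pscustomobject]@{
        Check     = 'Print Spooler stopped and disabled'
        Observed  = "Status=$($svc.Status), StartType=$($svc.StartType)"
        Mitigated = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }
}

function Get-PointAndPrintState {
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $name = 'RestrictDriverInstallationToAdministrators'
    $val  = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        Check     = 'Point and Print driver install limited to administrators'
        Observed  = if ($null -eq $val) { 'value not set' } else { "$name=$val" }
        # Assumption: the update is installed, so an absent value means "restricted".
        # An explicit 0 re-enables driver installation by non-administrators.
        Mitigated = ($val -ne 0)
    }
}

function Get-OutboundSmbState {
    # Coarse check: any enabled outbound block rule naming TCP/445 explicitly.
    # Rules that cover 445 through a port range or "Any" are not detected.
    $rules = @(Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            $f.Protocol -eq 'TCP' -and $f.RemotePort -contains '445'
        })
    [pscustomobject]@{
        Check     = 'Outbound SMB (TCP/445) blocked by host firewall'
        Observed  = "$($rules.Count) matching block rule(s)"
        Mitigated = ($rules.Count -gt 0)
    }
}

$report = @(Get-SpoolerState; Get-PointAndPrintState; Get-OutboundSmbState)
$report | Format-Table -AutoSize -Wrap

# Remediation the article describes (uncomment to apply; printing stops on this host):
# Stop-Service -Name Spooler -Force
# Set-Service  -Name Spooler -StartupType Disabled
```

A host that still needs to print will fail the first check by design; in that case the other two rows show which compensating controls are active.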