After the update released just two days ago, Microsoft revealed another security hole in the Windows component Print Spooler, but promised to fix it in a future security update.
Η vulnerability described in CVE-2021-36958 also known as PrintNightmare. First discovered in December 2020 by Victor Mata of FusionX, Accenture Security.
Microsoft explains everything in one bulletin with particular emphasis on vulnerabilities CVE-2021-34481 recently discovered. According to the company, this is a vulnerability that allows remote code execution when the Windows Print Spooler service runs in improperly privileged functions files on a vulnerable Windows system.
The company says that if an attacker took advantage of the vulnerability, he could have administrator access to the machine. Intrusive actions that can be performed by remote attackers on a particular user's computer include the ability to edit, read, or remove information, and even create new full-user accounts on the target computer.
To avoid all this, Microsoft advises users (let's go again) to stop and disable the Print Spooler service
It is important to mention that with the recent Microsoft update, it is now possible to change of the default behavior of Windows Point and Print so that new and existing printer drivers can only be installed and updated by users with administrative rights.
However, the information does not cover everyone. So Microsoft this time and again proposes to stop and disable the Print Spooler service on computers (it hurts head - cut off the head).
According to the Computer Emergency Response Team (CERT) by the Computer Emergency Response Team, users should also disable outbound SMB connectivity to avoid connecting to a shared printer.
In addition, the company advises all users to install all the latest security updates (even if they do not work).