After the update released just two days ago, Microsoft has revealed another loophole security in the item Windows Print Spooler, but promised to fix it in a future security update.
The vulnerability described in CVE-2021-36958 is also known as PrintNightmare. It was first discovered in December 2020 by FusionX Victor Mata, Accenture Security.
Microsoft explains everything in one bulletin with particular emphasis on vulnerabilities CVE-2021-34481 which was discovered recently. Σύμφωνα με την εταιρεία, πρόκειται για μια ευπάθεια που επιτρέπει απομακρυσμένη εκτέλεση κώδικα όταν η υπηρεσία Windows Print Spooler τρέχει ακατάλληλα προνομιακές λειτουργίες files σε ένα ευάλωτο σύστημα Windows.
The company says that if an attacker took advantage of the vulnerability, he could have administrator access to the machine. Intrusive actions that can be performed by remote attackers on a particular user's computer include the ability to edit, read, or remove information, and even create new full-user accounts on the target computer.
To avoid all this, Microsoft advises users (let's go again) to stop and disable the Print Spooler service
It is important to mention that with the recent Microsoft update, it is now possible to change the default behavior of Windows Point and Print so that new and existing pre-letterτα οδήγησης εκτυπωτή (drivers) μόνο από χρήστες με δικαιώματα διαχειριστή.
However, the update does not cover all of them. So Microsoft this time and once again proposes to stop and apactivation of the Print Spooler service on computers (head ache – cut head).
According to the Computer Emergency Response Team (CERT), users should also disable outgoing connectivity smb, to avoid connecting with someone shared printer.
In addition, the company advises all users to install all the latest security updates (even if they do not work).