After the update released just two days ago, Microsoft has revealed another loophole security in Windows Print Spooler, but promised to fix it in a future security update.
The vulnerability described in CVE-2021-36958 is also known as PrintNightmare. It was first discovered in December 2020 by FusionX Victor Mata, Accenture Security.
Microsoft explains everything in one bulletin with particular emphasis on vulnerabilities CVE-2021-34481 recently discovered. According to the company, this is a vulnerability that allows remote implementation code when the Windows Print Spooler service runs improperly privileged file operations on a vulnerable Windows system.
The company says that if an attacker exploited the vulnerability, they could gain administrator access to the machine. Intrusive actions that can be performed by remote attackers on a specific user's computer include the ability to processings, reading or removing information and even creation new accounts with full user rights on the target computer.
To avoid all this, Microsoft advises users (let's go again) to stop and disable the Print Spooler service
It is important to mention that with the recent Microsoft update, it is now possible to change the default behavior of Windows Point and Print, so that new and existing printer drivers can be installed and updated only by users with administrator privileges.
However, the update does not cover all of them. So Microsoft this time and once again recommends it vacation and disabling the Print Spooler service on computers (head ache – cut head).
According to the Computer Emergency Response Team (CERT) by the Computer Emergency Response Team, users should also disable outbound SMB connectivity to avoid connecting to a shared printer.
In addition, the company advises all users to install all the latest security updates (even if they do not work).