Over the past several weeks, Microsoft has been battling security vulnerabilities in the Windows print spooler service, leaving computers across the world potentially exposed to malicious attacks. In June, a patch for a remote code execution flaw was released, but it didn’t resolve a similar flaw, later nicknamed PrintNightmare. After PrintNightmare was discovered, another patch was released; however, it didn’t fix the flaw in all configurations.
As of Thursday, Microsoft has begun to warn of yet another newly discovered vulnerability in the Windows Print Spooler service (via Ars Technica). This flaw allows attackers who already have access to a system, and can run malicious code there with limited privileges, to elevate those privileges. That gives the attacker access to more sensitive areas of the Windows system, potentially resulting in, for example, the ability to run malware each time the machine is started. Microsoft warns that, using this flaw, an “attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
For this latest flaw, Microsoft has recommended that customers disable the Windows print spooler service to reduce the risk of their devices being left exposed to attack.
This latest flaw is being tracked under CVE-2021-34481, and was discovered by Jacob Baines, from cybersecurity firm Dragos. According to Baines, this latest flaw in the Windows Print Spooler service was reported to Microsoft in June, with Baines saying that he was “surprised” Microsoft has now decided to warn of the vulnerability, “because it was very abrupt and not related to the deadline I gave them (August 7), nor was it released with a patch.”
There is currently no patch for this latest flaw, and the only workaround is to stop and disable the service. A patch is being worked on, according to Microsoft, but there is no ETA for when it will be made available.
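The stop-and-disable workaround described above can be applied and verified from an elevated PowerShell session. This is an added example, not code from the article or from Microsoft; it assumes the Print Spooler's service name is `Spooler`, and the function name `Disable-PrintSpooler` is hypothetical.

```powershell
# Added example: apply and verify the "stop and disable" workaround.
# Assumption: the Print Spooler service is registered under the name "Spooler".
# Caveat: with the spooler disabled, the machine can no longer print,
# locally or as a print server.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ServiceName = 'Spooler'
    )

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service is not installed on this host, so there is nothing to mitigate.
        return [pscustomobject]@{
            Host = $env:COMPUTERNAME; Present = $false; Mitigated = $true
        }
    }

    # Record the state before any change so the result can be audited or reverted.
    $before = "$($svc.Status)/$($svc.StartType)"

    if ($svc.Status -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess($ServiceName, 'Stop service')) {
        Stop-Service -Name $ServiceName -Force -ErrorAction Stop
    }
    if ($svc.StartType -ne 'Disabled' -and
        $PSCmdlet.ShouldProcess($ServiceName, 'Set startup type to Disabled')) {
        # Disabling the startup type keeps the service from returning after a reboot.
        Set-Service -Name $ServiceName -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the service and report whether both conditions now hold.
    $after = Get-Service -Name $ServiceName
    [pscustomobject]@{
        Host      = $env:COMPUTERNAME
        Present   = $true
        Before    = $before
        After     = "$($after.Status)/$($after.StartType)"
        Mitigated = ($after.Status -eq 'Stopped' -and $after.StartType -eq 'Disabled')
    }
}

# Preview first with: Disable-PrintSpooler -WhatIf
Disable-PrintSpooler
```

The `Before` field records the original state, which is what to restore once a patch is available.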