Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability

Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability

windows printer spooler vulnerability

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks.

“Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print,” CERT Coordination Center’s Will Dormann said in an advisory published Sunday. “Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process.”

Stack Overflow Teams

An exploit for the vulnerability was disclosed by security researcher and Mimikatz creator Benjamin Delpy.

Specifically, the flaw allows a threat actor to execute arbitrary code with SYSTEM privileges on a vulnerable Windows machine by connecting to a malicious print server under their control.

While there is no solution to the problem, CERT/CC recommends configuring “PackagePointAndPrintServerList” to prevent the installation of printers from arbitrary servers and blocking outbound SMB traffic at the network boundary, given that public exploits for the vulnerability utilize SMB for connectivity to a malicious shared printer.

Prevent Data Breaches

The new issue is only the latest evidence of the fallout after the PrintNightmare flaw accidentally became public last month, leading to the discovery of a number of vulnerabilities affecting the Print Spooler service.

Given the lack of details surrounding CVE-2021-34481 — the local privilege escalation (LPE) flaw reported by security researcher Jacob Baines — it’s not immediately clear what connection, if any, the vulnerability and this new Print Spooler signature-check bypass that also allows for LPE may have with one another.

We have reached out to Microsoft for further clarification, and we will update the story once we hear back.

NEWEST POSTS

Our trusted sources

We only publish news from well-known cybercrime magazines via RSS. You will find here everything about hackers & cybercrime. Also you can visit the direct sources from us.

Just click on one of the buttons.

PROTECT YOURSELF

Check out our Guidebook page.  And read everything about it.  Also how to protect yourself from hacker attacks.  An all in one thing.