After waking up from PrintNightmare, Microsoft has a workaround for another Windows Print Spooler vulnerability
After the PrintNightmare fiasco of recent weeks, Microsoft has shared information about another Windows Print Spooler security vulnerability.
The issue is being tracked as CVE-2021-34481, and is described as a "Windows Print Spooler Elevation of Privilege Vulnerability". For the time being, there is no patch available, but Microsoft has offered details of a workaround that mitigates against potential attack -- but it is far from being an ideal solution.
Microsoft is still investigating the newly revealed vulnerability. The company says of it: "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations".
The company adds:
An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker must have the ability to execute code on a victim system to exploit this vulnerability.
The workaround that is offered up will secure systems until a patch is readied, but it's not a solution that will please many people. Microsoft's answer is to simply disable the print spooler -- which has the rather drastic side effect of making it impossible to print either locally or remotely.
Microsoft describes how to implement the workaround:
Determine if the Print Spooler service is running
Run the following in Windows PowerShell:
Get-Service -Name Spooler
If the Print Spooler is running or if the service is not disabled, follow these steps:
Stop and disable the Print Spooler service
If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
Impact of workaround
Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.
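The steps above combined into one idempotent function that also verifies the end state, as an added example that is not Microsoft's or the article's own code. The function name `Disable-PrintSpoolerWorkaround` and the report fields are assumptions of this example, and it assumes an elevated Windows PowerShell 5.1 or later session, where `Get-Service` exposes `StartType`.

```powershell
# Added example: check, apply and verify the Print Spooler workaround.
# The function name and report fields are this example's own (hypothetical).
# Run from an elevated session; use -WhatIf to preview without changing anything.
function Disable-PrintSpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Step 1: determine the current state of the service.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    $statusBefore    = $svc.Status
    $startTypeBefore = $svc.StartType

    # Step 2: stop the service only if it is not already stopped.
    if ($statusBefore -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
    }

    # Step 3: disable it so it does not come back after a reboot.
    if ($startTypeBefore -ne 'Disabled' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the service so the report reflects the real end state,
    # not what the commands were expected to do.
    $after = Get-Service -Name Spooler -ErrorAction Stop
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        StatusBefore    = $statusBefore
        StartTypeBefore = $startTypeBefore
        StatusAfter     = $after.Status
        StartTypeAfter  = $after.StartType
        Mitigated       = ($after.Status -eq 'Stopped' -and
                           $after.StartType -eq 'Disabled')
    }
}

# Preview first, then apply for real.
Disable-PrintSpoolerWorkaround -WhatIf
Disable-PrintSpoolerWorkaround
```

Keeping the `StartTypeBefore` value from the report makes it possible to restore the original startup type once a patch is installed.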
A fix is in the works, and while Microsoft will clearly be hoping to issue it on the next Patch Tuesday, this is certainly not guaranteed.