14 DAY TRIAL // Following the patch released just two days ago, Microsoft disclosed another vulnerability in the Windows Print Spooler component, but promised to fix the problem future security update, according to The Hacker News.
Recently, the previously unknown vulnerability, identified as CVE-2021-36958, was added to the list of vulnerabilities known as PrintNightmare. The vulnerability was first discovered in December 2020 by Victor Mata from FusionX, Accenture Security.
Microsoft explained everything in a bulletin with a particular emphasis on the recently identified issue CVE-2021-34481. According to the company, a remote code execution vulnerability exists when the Windows Print Spooler service improperly conducts privileged file operations on a vulnerable Windows system.
The company explained that if an attacker was to successfully exploit the vulnerability, they would be able to get administrative access to the machine. Intrusive acts conducted by remote attackers on a given user's computer include the ability to edit, read or remove information, and even create new accounts with full user privileges on the targeted computer.
To avoid hacking threats, Microsoft advises users to stop and disable the Print Spooler service
It's important to note that, as a result of a recent Microsoft update, it's now possible to change the default Windows Point and Print behavior so that new and existing printer drivers can be installed and updated using driver files located on a local or remote computer or server by users with administrator status only.
Microsoft provided a way to solve the problem: to stop and disable the Print Spooler service on the computer in question. According to the Computer Emergency Response Team (CERT), users should also disable outgoing SMB connectivity in order to avoid connecting to a rogue shared printer. In addition, it is highly recommended that users maintain the most recent version of their operating system and apply the latest security updates as soon as they are released.