Microsoft is again warning about a new vulnerability in the Windows Print Spooler feature. The vulnerability allows an attacker to execute code with administrator rights on the system. The company recommends turning off the Spooler feature as a workaround.
The vulnerability appears when connecting to a print server. This print server can copy the .dll file to the client, which then System-wide command prompt Opens where code can be executed. Weakness has a meaning CVE-2021-36958 He has a CVSS score of 6.8. “An attacker who successfully exploits this vulnerability can execute code with system privileges,” Microsoft said. “An attacker can install programs, modify data, and create new accounts with full access rights to the system.”
Microsoft acknowledges the existence of the vulnerability, but has not yet released a patch. The company published a The solution It suggests stopping the Print Spooler service. Microsoft previously issued the same advice in anticipation of patches for vulnerabilities called PrintNightmare that were discovered in the Print Spooler service a few weeks ago.
In recent weeks, Microsoft discovered several vulnerabilities in the Windows Print Spooler service that were actively exploited. the first emergency correction That Microsoft released in early July was supposed to fix a string of errors in the Print Spooler feature. However, this turned out to be not enough to Escalation of local franchise On the system. One second correction Then I changed the way I install printer drivers on Windows. From now on, this will only be possible for system administrators.