Microsoft again warns of a new vulnerability in the Windows Print Spooler feature. The vulnerability allows an attacker to execute code with admin rights on a system. The company recommends turning off the Spooler feature in a workaround.
The vulnerability appears when connecting to a print server. This print server can copy a .dll file to the client, which then opens a system level command prompt where code can be executed. The vulnerability has been designated CVE-2021-36958 and has a CVSS score of 6.8. “An attacker who successfully exploits this vulnerability could execute code with system privileges,” Microsoft said. “An attacker can install programs, modify data and create new accounts with full access rights to the system.”
Microsoft acknowledges the vulnerability, but has not yet released a patch. The company published a workaround suggesting that the Print Spooler service be discontinued. Microsoft previously issued the same advice in anticipation of patches for vulnerabilities called PrintNightmare that were discovered in the Print Spooler service a few weeks ago.
In recent weeks, Microsoft discovered several vulnerabilities in the Windows Print Spooler service that were actively exploited. An initial emergency patch released by Microsoft in early July was supposed to fix the series of bugs in Print Spooler feature. However, this turned out not to be sufficient to prevent a local privilege escalation on the system. A second patch then changed the way printer drivers can be installed on Windows. From now on, this will only be possible for system administrators.