Alongside the rise of exploits targeting Windows 10, it’s unsurprising that Microsoft will release a security upgrade with Windows 11 later this year. Recent adventures have involved the printing industry. Microsoft is now advising customers to disable the Windows Print Spooler, following the discovery of the third attack in five weeks. Huh? you don’t know what Print Spooler is? It is a windows service which is responsible for implementing the Print client and the print server roles. In simple words, it is the most important service without which You CAN NOT Print properly.
Recent Print-Related Exploit Discovered
Jacob Barnes, a vulnerability researcher at Dragos security firm, found the most current print-related attack. This vulnerability affects the Windows Print Server.
According to an executive summary of a talk Barnes will deliver on print driver vulnerabilities, “What can an attacker do when they find themselves as a low-privileged Windows user without access to SYSTEM?” Install a potentially exploitable print driver! You will discover how to introduce vulnerable print drivers to a fully patched system in this session. Then, using three examples, you’ll discover how to escalate to SYSTEM utilising the vulnerable drivers.”
He also stated his assessment of the exploit’s seriousness. “While it does have a CVSSv3 score of 7.8 (or High), it is essentially a local privilege escalation,” Barnes explained “In my opinion, the vulnerability itself is interesting enough to warrant a presentation, but new local privilege escalation issues are discovered in Windows on a regular basis.”
Microsoft’s Recommendation to Disable Print Spooler
Microsoft released a patch for a similar flaw dubbed PringNightmare, but it did not resolve the issue. This exploit allowed attackers to execute malicious code on machines that had been patched incorrectly by Microsoft.
Microsoft notified users late last week via a blog post of an exploit that targets the Windows Print Spooler. It is identified as CVE-2021-34481 and enables hackers who already have the ability to run malicious code to gain elevated access. This enables the malware to execute on each reboot. This is the flaw discovered by Barnes in June.
More for You: Update!! Windows 11 is arriving soon.