It became known that a new dangerous vulnerability was discovered in the Windows Print Manager, the exploitation of which allows remote code execution. This is the third such issue related to the print service and identified in the past few weeks. At the moment, a fix for the last vulnerability has not yet been released, so the only way to protect yourself from potential attacks through it is by disabling the print spooler.
This week, Microsoft confirmed the presence of a new vulnerability in the print manager, which is tracked under the identifier CVE-2021-34481 and allows remote code execution with elevated privileges. “A privilege escalation vulnerability exists when the Windows Print Spooler service does not correctly perform privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with system privileges. After that, the attacker can install programs; view, change or delete data; create new accounts ,” Microsoft said in a statement.
According to available data, in order to exploit the mentioned vulnerability, a hacker must first be able to execute code on the victim’s system. Microsoft does not exclude the possibility that attackers are already using CVE-2021-34481 in practice. The source notes that Microsoft was notified of the problem back in June and the developers are currently working on creating an appropriate patch to solve it. Possible release dates for the new print spooler vulnerability have not yet been announced.
