Alert! Microsoft Advises Users to Disable Print Spooler 😿
Alongside the rise of exploits targeting Windows 10, it’s unsurprising that Microsoft will release a security upgrade with Windows 11 later this year. Recent adventures have involved the printing industry. Microsoft is now advising customers to disable the Windows Print Spooler, following the discovery of the third attack in five weeks. Huh? you don’t know what Print Spooler is? It is a windows service which is responsible for implementing the Print client and the print server roles. In simple words, it is the most important service without which You CAN NOT Print properly.
Recent Print-Related Exploit Discovered
Jacob Barnes, a vulnerability researcher at Dragos security firm, found the most current print-related attack. This vulnerability affects the Windows Print Server.
According to an executive summary of a talk Barnes will deliver on print driver vulnerabilities, “What can an attacker do when they find themselves as a low-privileged Windows user without access to SYSTEM?” Install a potentially exploitable print driver! You will discover how to introduce vulnerable print drivers to a fully patched system in this session. Then, using three examples, you’ll discover how to escalate to SYSTEM utilising the vulnerable drivers.”
He also stated his assessment of the exploit’s seriousness. “While it does have a CVSSv3 score of 7.8 (or High), it is essentially a local privilege escalation,” Barnes explained “In my opinion, the vulnerability itself is interesting enough to warrant a presentation, but new local privilege escalation issues are discovered in Windows on a regular basis.”
Microsoft’s Recommendation to Disable Print Spooler
Microsoft released a patch for a similar flaw dubbed PringNightmare, but it did not resolve the issue. This exploit allowed attackers to execute malicious code on machines that had been patched incorrectly by Microsoft.
Microsoft notified users late last week via a blog post of an exploit that targets the Windows Print Spooler. It is identified as CVE-2021–34481 and enables hackers who already have the ability to run malicious code to gain elevated access. This enables the malware to execute on each reboot. This is the flaw discovered by Barnes in June.
According to Microsoft’s disclosure, “an elevation of privilege vulnerability exists when the Windows Print Spooler service performs privileged file operations in an improper manner.” Additionally, it stated, “An attacker who successfully exploits this vulnerability will be able to execute arbitrary code with SYSTEM privileges.” After that, an attacker could install programmes; view, modify, or delete data; or create new accounts with full user rights.”
The blog post does mention that an attacker must first be able to execute code on a specific system in order to use the exploit. Additionally, it advises users to install all previous updates. Additionally, Microsoft recommends a workaround for disabling the Windows Print Server. Users should first determine if the print spooler is running and, if so, disable it. Notably, disabling the print spooler as Microsoft recommends prevents users from printing locally or remotely, making this a poor solution.
We appreciate your time in reading and hope you enjoyed this Article. You may also want to check out our Website for more such Trending articles, How-to guides and much more! 😎 Wait!! Don’t forget to checkout Freebies 🤫