PrintNightmare lives on for Microsoft with yet another vulnerability
Published on August 12, 2021
The ongoing problem that is PrintNightmare just won’t end for Microsoft. The company has posted yet another security advisory relating to the Windows Print Spooler service (via BleepingComputer).
Assigned as CVE-2021-36958, this latest advisory sounds a bit familiar if you’re following this saga closely. That’s because, despite a recent security patch that requires administrator privileges for running Point and Print driver installations and updates, there’s still one glaring problem.
Someone with physical access to a PC can still gain system privileges if a set of rogue printer drivers (discovered last month by security researcher Benjamin Delpy) for a network printer are already installed. Basically, you don’t need administrative privileges to connect to a printer or a print server when the drivers are already installed. This still allows the remote code to be executed, as described by Microsoft:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft is calling this a “remote code execution,” but this is actually a local one, with physical access being required. Microsoft credited Victor Mata of FusionX, Accenture Security, for this bug, and it’s likely that the advisory could be updated in a few days to “escalation of privilege,” according to BleepingComputer.
Once again, there’s not yet a patch for this latest bug, and Microsoft is working on a new fix. If you’re worried, you’ll have to disable the Print Spooler, which prevents your device from printing. However, you can also change your settings so that your PC will only install printers from authorized servers. This can be done through the Group Policy Editor, as described by the security researcher Benjamin Delpy.
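To see where a given PC stands on those two workarounds, here is a read-only PowerShell check, added as an example and not taken from Microsoft's advisory or from Delpy. It assumes Windows PowerShell 5.1 or later, and that "authorized servers" refers to the "Package Point and print - Approved servers" Group Policy setting and the registry key that setting writes to; the function name is made up for this example.

```powershell
# Added example: report whether either workaround from the article is in place.
# Assumption: the "authorized servers" setting is the Group Policy
# "Package Point and print - Approved servers", stored under this key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'

function Get-PrintSpoolerExposure {   # hypothetical name, for illustration only
    [CmdletBinding()]
    param()

    # Workaround 1: Print Spooler stopped and set to Disabled.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $spoolerOff = ($null -eq $svc) -or
                  ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')

    # Workaround 2: policy switch is 1 when installs are limited to approved servers.
    $prop = Get-ItemProperty -Path $PolicyKey -Name PackagePointAndPrintServerList `
                             -ErrorAction SilentlyContinue
    $listOn = ($null -ne $prop) -and ($prop.PackagePointAndPrintServerList -eq 1)

    # The approved servers themselves are string values under the ListofServers subkey.
    $servers = @()
    $listKey = Join-Path $PolicyKey 'ListofServers'
    if (Test-Path $listKey) {
        $key = Get-Item -Path $listKey
        $servers = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        SpoolerStatus     = if ($svc) { $svc.Status } else { 'NotInstalled' }
        SpoolerStartType  = if ($svc) { $svc.StartType } else { $null }
        ApprovedListOn    = $listOn
        ApprovedServers   = $servers      # review these names; the check does not judge them
        WorkaroundInPlace = $spoolerOff -or $listOn
    }
}

Get-PrintSpoolerExposure | Format-List

# Applying workaround 1 (stops all printing on this PC), from an elevated prompt:
#   Stop-Service -Name Spooler -Force
#   Set-Service  -Name Spooler -StartupType Disabled
```

The check changes nothing on the machine; the two commented commands at the end are the Print Spooler workaround itself and need an elevated prompt.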
Radu Tyrsina