Windows Print Spooler nightmare continues with new vulnerability

Attackers that take advantage of a Windows Print Spooler vulnerability can gain SYSTEM privileges and run commands on PCs.


Windows Print Spooler security issues continue. The saga already includes a discovered exploit that was accidentally shared, an emergency patch from Microsoft, and some printers failing to work after being updated. Now, a security expert has discovered another issue with Windows Print Spooler.

The new zero-day vulnerability in Windows Print Spooler allows attackers to gain administrative privileges through the ‘Queue-Specific Files’ feature, as reported by BleepingComputer.

Security researcher Benjamin Delpy shared a video demonstrating the vulnerability.

#printnightmare - Episode 4. You know what is better than a Legit Kiwi Printer? 🥝 Another Legit Kiwi Printer… 👍 No prerequisite at all, you even don’t need to sign drivers/package 🤪 pic.twitter.com/oInb5jm3tE — 🥝 Benjamin Delpy (@gentilkiwi) July 16, 2021

If exploited, the new vulnerability allows an attacker to gain SYSTEM privileges on a targeted device. The threat actor can also gain limited access to a network.

Delpy explained to BleepingComputer that the exploit could be used to automatically download and execute malicious DLL files. An attacker can then run any command on a computer with SYSTEM privileges.

There are currently two ways to mitigate the new printer vulnerability, as explained by BleepingComputer:

Blocking outbound SMB traffic prevents attackers from using remote print servers but doesn’t stop threat actors from using local print servers.


BleepingComputer explains that configuring the Package Point and Print Server List is a better method because “This policy prevents non-administrative users from installing print drivers using Point and Print unless the print server is on the approved list.”
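
To check whether a given PC has that approved-server restriction in place, an administrator can read the policy back from the registry. The script below is an added example, not from the article or from BleepingComputer; the registry path, the `PackagePointAndPrintServerList` and `ListofServers` names, and the function name are assumptions about where Group Policy stores the "Package Point and print - Approved servers" setting.

```powershell
# Added example: audit the Package Point and Print approved-servers policy.
# Assumption: Group Policy writes the setting under this key (not stated in the article).
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'

function Get-PackagePointAndPrintState {
    param([string]$Path = $PolicyPath)

    $state = [ordered]@{
        Computer           = $env:COMPUTERNAME
        PolicyKeyPresent   = Test-Path -Path $Path
        ServerListEnforced = $false
        ApprovedServers    = @()
    }

    if ($state.PolicyKeyPresent) {
        # A DWORD of 1 means the approved-server list is enforced.
        $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
        $state.ServerListEnforced = ($props.PackagePointAndPrintServerList -eq 1)

        # Approved print servers are stored as string values in a subkey.
        $listPath = Join-Path -Path $Path -ChildPath 'ListofServers'
        if (Test-Path -Path $listPath) {
            $key = Get-Item -Path $listPath
            $state.ApprovedServers = @(
                $key.GetValueNames() |
                    ForEach-Object { $key.GetValue($_) } |
                    Where-Object { $_ }
            )
        }
    }

    [pscustomobject]$state
}

$result = Get-PackagePointAndPrintState
$result | Format-List

if (-not $result.ServerListEnforced) {
    # Without the policy, the restriction quoted above is not in effect.
    Write-Warning 'Approved-server list is NOT enforced on this machine.'
}
else {
    Write-Output ("Approved-server list enforced; {0} server(s) listed." -f $result.ApprovedServers.Count)
    # Review each entry: every listed server is trusted to supply print drivers.
    $result.ApprovedServers | ForEach-Object { Write-Output "  approved: $_" }
}
```

Run it in a PowerShell session on the machine being checked; reading this key does not require elevation by default.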

A CERT advisory goes into technical detail regarding the vulnerability.

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He’s covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean’s journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.