If exploited successfully through the execution of code on a victim’s device, the new security vulnerability, tracked as CVE-2021-34481, could allow an attacker to gain SYSTEM privileges through a vulnerability in the Print Spooler service—potentially changing or deleting the victim’s data, installing new programs, or creating new user accounts with full access to the user’s system. The new exploit comes on the heels of the recent PrintNightmare security vulnerability, which also exploited Microsoft’s Print Spooler service, allowing attackers to gain remote system privileges on victims’ systems. That vulnerability affected all versions of Windows and took several days to patch. The company’s fix was also mired with issues and reportedly caused connection errors for some users. In a post announcing the new vulnerability, the Microsoft Security Response Center credited its discovery to security researcher Jacob Baines. In a tweet posted earlier this morning, Baines said he did not consider the new vulnerability to be a variant of PrintNightmare. According to the company’s post, Microsoft is still determining which versions of Windows are affected by the vulnerability, and is currently working on a patch. In the meantime, Microsoft has recommended users determine whether the Print Spooler service is running on their system. If so, users are advised to stop and disable the service. The workaround will disable the ability to print both remotely or locally, but the company said it should prevent the flaw from being exploited by bad actors until a security update becomes available.
