Disable the Windows print spooler to prevent hacks, Microsoft tells customers


Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.

The vulnerability is the third printer-related flaw in Windows to come to light in the past five months. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

Bring your own printer driver

On Thursday, Microsoft warned of a new vulnerability in the Windows print spooler. The privilege-escalation flaw, tracked as CVE-2021-34481, allows hackers who already have the ability to run malicious code with limited system rights to elevate those rights. The elevation allows the code to access sensitive parts of Windows so malware can run each time a machine is rebooted.

“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft wrote in Thursday’s advisory. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft said that the attacker must first have the ability to execute code on a victim’s system. The advisory rates in-the-wild exploits as “more likely.” Microsoft continues to advise that customers install the previously issued security updates. A print spooler is software that manages the sending of jobs to the printer by temporarily storing data in a buffer and processing the jobs sequentially or by job priority.

“The workaround for this vulnerability is stopping and disabling the Print Spooler service,” Thursday’s advisory said. It provides several methods customers can use to do so.
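One way to audit and apply that workaround from an elevated PowerShell session, as an added example that is not taken from the article or from Microsoft's advisory. The function name `Set-SpoolerWorkaround` and its `-Apply` switch are hypothetical; `Spooler` is the service name of the Windows Print Spooler.

```powershell
# Added example: report the Print Spooler state and optionally stop and disable it.
# Set-SpoolerWorkaround and -Apply are illustrative names, not part of Windows.
function Set-SpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Apply   # without this switch the function only reports
    )

    $svc = Get-Service -Name Spooler -ErrorAction Stop
    $before = [pscustomobject]@{ Status = $svc.Status; StartType = $svc.StartType }

    if ($Apply) {
        if ($svc.Status -ne 'Stopped' -and
            $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
            # -Force also stops any services that depend on the spooler
            Stop-Service -Name Spooler -Force -ErrorAction Stop
        }
        if ($svc.StartType -ne 'Disabled' -and
            $PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
            # Disabling the startup type keeps the service from returning at reboot
            Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
        }
        $svc = Get-Service -Name Spooler   # re-read the state after the change
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        StatusBefore    = $before.Status
        StartTypeBefore = $before.StartType
        StatusAfter     = $svc.Status
        StartTypeAfter  = $svc.StartType
        Mitigated       = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }
}

# Report only; nothing is changed:
Set-SpoolerWorkaround

# Preview the change, then apply it (uncomment to use):
# Set-SpoolerWorkaround -Apply -WhatIf
# Set-SpoolerWorkaround -Apply
```

With the spooler stopped and disabled, the machine can no longer print locally or remotely, so the `Mitigated` column is best collected per host before deciding where printing has to stay available.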

The vulnerability was discovered by Jacob Baines, a vulnerability researcher at security firm Dragos, who is scheduled to deliver a talk titled “Bring Your Own Print Driver Vulnerability” at next month’s Defcon hacker convention. The executive summary for the presentation is:

“What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you’ll learn how to introduce vulnerable print drivers to a fully patched system. Then, using a few examples, you’ll learn how to use the vulnerable drivers to escalate to SYSTEM.”

In an email, Baines said he reported the vulnerability to Microsoft in June and didn’t know why Microsoft published the advisory now.

“I was surprised by the advisory because it was very abrupt and not related to the deadline I gave them (August 7), nor was it released with a patch,” he wrote. “One of those two things (researcher public disclosure or availability of a patch) usually prompts a public advisory. I’m not sure what motivated them to release the advisory without a patch. That is typically against the goal of a disclosure program. But for my part, I have not publicly disclosed the vulnerability details and won’t until August 7. Perhaps they have seen the details published elsewhere, but I have not.”

Microsoft said it is working on a patch but didn’t provide a timeline for its release.

Baines, who said he performed the research outside of his responsibilities at Dragos, described the severity of the vulnerability as “medium.”

“It does have a CVSSv3 score of 7.8 (or High), but at the end of the day, it’s just a local privilege escalation,” he said. “In my opinion, the vulnerability itself has some interesting properties that make it worthy of a talk, but new local privilege escalation issues are found in Windows all the time.”
