Multiple Vulnerabilities in Windows Print Spooler Service

Published on 02 Jul 2021

Updated on 16 Jul 2021

Following the publication of the vulnerability dubbed “PrintNightmare” (CVE-2021-34527), Microsoft has issued guidance on another elevation of privilege vulnerability (CVE-2021-34481) in the Windows Print Spooler service.

Elevation of privilege is the act of exploiting a software application to gain elevated access that is normally protected from an application or user. The result is an application with more privileges than intended.

The vulnerabilities are:

CVE-2021-34481 - This new vulnerability exists when the service improperly performs privileged file operations that can only be exploited locally. Microsoft is still investigating the versions of Windows affected by this vulnerability.

At this moment, Microsoft has not released a patch to fix CVE-2021-34481. They have advised administrators to implement the workaround of disabling the Windows Print Spooler service. For more information on the workaround, refer to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481.

CVE-2021-34527 - This vulnerability exists when the service improperly performs privileged file operation that can be exploited remotely. All versions of Windows are affected by this vulnerability. 

Microsoft has released security updates for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 to address CVE-2021-34527. Administrators of affected products are advised to install the security updates immediately.

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code with elevated system privileges to install programs; view, change, or delete data; or create new accounts with full user rights.

More information is available here:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-guidance-on-new-windows-print-spooler-vulnerability/
https://www.zdnet.com/article/windows-print-spooler-hit-with-local-privilege-escalation-vulnerability/
https://www.zdnet.com/article/microsoft-adds-second-cve-for-printnightmare-remote-code-execution/