Microsoft is once again advising its customers to disable the Windows print spooler, after a new vulnerability that allows hackers to execute malicious code on machines has emerged. While a patch fixing the flaw will be released in due course, the most effective workaround currently on the table is to stop and disable the print spooler service entirely.
The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.
The vulnerability was discovered by Jacob Baines, a vulnerability researcher at security firm Dragos, who is scheduled to deliver a talk titled “Bring Your Own Print Driver Vulnerability” at next month’s Defcon hacker convention. The executive summary for the presentation is:
What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you’ll learn how to introduce vulnerable print drivers to a fully patched system. Then, using three examples, you’ll learn how to use the vulnerable drivers to escalate to SYSTEM.
Baines, who said he performed the research outside of his responsibilities at Dragos, described the severity of the vulnerability as “medium.”
The emergence of this new vulnerability is frustrating news for Microsoft and its users.
Microsoft has warned customers of the new print spooler vulnerability online, writing: “An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The bottom line in terms of making your computer safe is to stop and disable the print spooler service outright if it’s running – Microsoft spells out how you can do so online. While there’ll be a patch for this vulnerability released in due course, no timeline is currently available.
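The stop-and-disable workaround described above can be applied and verified from an elevated PowerShell session. This is an added example, not taken from the article or from Microsoft's text; the function name is hypothetical, and it assumes Windows PowerShell 5.0 or later and the built-in service name `Spooler`.

```powershell
# Added example: stop the Print Spooler, disable it, then confirm the result.
# Must run elevated. Function name is hypothetical; "Spooler" is the built-in service name.
function Disable-PrintSpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Fail early if the service cannot be queried at all.
    $svc = Get-Service -Name Spooler -ErrorAction Stop

    # Stop the running service; -Force also stops dependent services.
    if ($svc.Status -ne 'Stopped') {
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
            Stop-Service -Name Spooler -Force -ErrorAction Stop
        }
    }

    # Prevent the service from starting again at boot or on demand.
    if ($svc.StartType -ne 'Disabled') {
        if ($PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
            Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
        }
    }

    # Re-read the state instead of trusting the cached object.
    $after = Get-Service -Name Spooler
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Status       = $after.Status
        StartType    = $after.StartType
        Mitigated    = ($after.Status -eq 'Stopped' -and
                        $after.StartType -eq 'Disabled')
    }
}

# Use -WhatIf first to preview the changes without applying them.
Disable-PrintSpoolerWorkaround
```

With the spooler stopped and disabled, the machine can no longer print, either locally or as a print server. To revert once a patch is installed, set the startup type back to `Automatic` with `Set-Service` and start the service with `Start-Service`.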