Disable the Windows print spooler to prevent hacks, Microsoft tells customers

Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.

The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

Bring your own printer driver

On Thursday, Microsoft warned of a new vulnerability in the Windows print spooler. The privilege-escalation flaw, tracked as CVE-2021-34481, allows hackers who already have the ability to run malicious code with limited system rights to elevate those rights. The elevation allows the code to access sensitive parts of Windows so malware can run each time a machine is rebooted.

“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft wrote in Thursday’s advisory. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft said that the attacker must first have the ability to execute code on a victim’s system. The advisory rates in-the-wild exploits as “more likely.” Microsoft continues to advise that customers install the previously issued security updates. A print spooler is software that manages the sending of jobs to the printer by temporarily storing data in a buffer and processing the jobs sequentially or by job priority.

“The workaround for this vulnerability is stopping and disabling the Print Spooler service,” Thursday’s advisory said. It provides several methods customers can use to do so.
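One way to apply and verify that workaround from an elevated PowerShell session, as an added example that is not taken from the article or from Microsoft's advisory. The `-AuditOnly` switch and the `Get-SpoolerState` helper are names made up for this sketch; the cmdlets are standard Windows PowerShell.

```powershell
# Added example: stop and disable the Print Spooler service, then verify.
# Disabling the service stops all printing on the machine, local and remote,
# until the service is re-enabled.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$AuditOnly   # hypothetical switch: report current state, change nothing
)

function Get-SpoolerState {
    # Win32_Service exposes both the run state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) { throw "Spooler service not found on $env:COMPUTERNAME" }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
        # Stopped alone is not enough: a Manual or Auto service can be started again.
        Mitigated = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
    }
}

$before = Get-SpoolerState
if ($AuditOnly -or $before.Mitigated) {
    return $before
}

if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
    # -Force is needed when other services depend on the spooler.
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop
}

# Re-read the state rather than trusting that the commands took effect.
$after = Get-SpoolerState
if (-not $after.Mitigated) {
    Write-Warning "Spooler is still $($after.State)/$($after.StartMode) on $($after.Computer)"
}
$after
```

Running the script with `-AuditOnly` across a fleet gives a quick inventory of machines where the spooler is still running or merely stopped but not disabled.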

The vulnerability was discovered by Jacob Baines, a vulnerability researcher at security firm Dragos, who is scheduled to deliver a talk titled “Bring Your Own Print Driver Vulnerability” at next month’s Defcon hacker convention. The executive summary for the presentation is:

“What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you'll learn how to introduce vulnerable print drivers to a fully patched system. Then, using three examples, you'll learn how to use the vulnerable drivers to escalate to SYSTEM.”

In an email, Baines said he reported the vulnerability to Microsoft in June and didn't know why Microsoft published the advisory now.

“I was surprised by the advisory because it was very abrupt and not related to the deadline I gave them (August 7), nor was it released with a patch,” he wrote. “One of those two things (researcher public disclosure or availability of a patch) usually prompts a public advisory. I am unsure what motivated them to release the advisory with no patch. That’s usually against the goal of a disclosure program. However, in my view, I’ve not publicly disclosed the vulnerability details and will not until August 7. Perhaps they’ve seen the details published elsewhere, but I’ve not.”

Microsoft said it’s working on a patch but didn’t provide a timeline for its release.

Baines, who said he performed the research outside of his duties at Dragos, described the severity of the vulnerability as “medium.”

“It does have a CVSSv3 score of 7.8 (or High), but at the end of the day, it's just a local privilege escalation,” he explained. “In my view, the vulnerability itself has some fascinating properties that make it worthy of a talk, but new local privilege escalation issues are found in Windows on a regular basis.”
