CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability
Further to Pulsant Incident Report dated Jul 01, 2021 – 20:46 BST - CVE-2021-1675 - https://status.pulsant.com/incidents/k0t5lyhxjnx7
Microsoft has released CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability. This relates to the vulnerability publicly known as “PrintNightmare” and, although similar to CVE-2021-1675, is being treated as distinct by Microsoft.
Nature of the Threat:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attack must involve an authenticated user calling RpcAddPrinterDriverEx().
Level of Threat:
Microsoft is aware of an instance of this vulnerability being exploited. As such, customers who have reviewed the security update and determined its applicability within their environment should treat this with the highest priority.
All Windows Operating Systems
Microsoft continues to work on an effective patch and, in lieu of this, has provided advice on workarounds. Clients who require the assistance of Pulsant to perform workarounds are asked to submit a request and acknowledge the risk that the Microsoft recommended workaround may impact the ability to print both locally and remotely.
For clients who manage their own infrastructure, Pulsant's advice remains as per the previous update: disable the Print Spooler service on all Windows Operating Systems where it is unnecessary, especially on critical infrastructure, e.g. Domain Controllers and Data Servers. Microsoft provides details of workarounds on their MSRC page, see link below.
Jul 5, 15:53 BST