Microsoft Alerts Users to Unpatched Vulnerability in Windows Print Spooler

On July 16, 2021, Microsoft issued new guidance about a vulnerability in the Windows Print Spooler service, stating that it is working on a fix for an upcoming security update. Identified as CVE-2021-34481 (CVSS score: 7.8), this local privilege escalation flaw can be exploited for unauthorized actions on affected systems. The vulnerability was discovered and reported by security researcher Jacob Baines.

According to Microsoft’s advisory, “An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploits this vulnerability could execute arbitrary code with SYSTEM privileges.” This would allow them to install software, access, modify, or delete data, and create new accounts with full user rights. It is important to note that successful exploitation requires the attacker to have specific conditions met.

Microsoft Issues Warning on Unpatched Print Spooler Vulnerability

On July 16, 2021, Microsoft announced the emergence of a new vulnerability impacting the Windows Print Spooler service, raising alarms among cybersecurity circles. The company is currently working on a security update to address this issue, identified as CVE-2021-34481, which carries a CVSS score of 7.8, indicating a high severity level.

This vulnerability pertains to a local privilege escalation flaw that could allow malicious actors to execute unauthorized actions within a compromised system. Microsoft credited security researcher Jacob Baines for identifying and reporting the vulnerability, highlighting its significance for system security.

According to Microsoft’s advisory, the vulnerability allows for elevated privileges when the Windows Print Spooler service improperly handles privileged file operations. An attacker who successfully exploits this flaw could potentially execute arbitrary code with SYSTEM privileges, enabling them to install programs, manipulate data, or create new user accounts with extensive rights.

However, it is crucial to note that exploiting this vulnerability would require an attacker to have local access to the affected machine. This mitigates the scope of potential attacks, but the risk remains significant, especially within environments where insiders or physical access could be an issue.

The implications of this vulnerability are particularly relevant to businesses relying on Windows-based systems for their operations. With the growing threat landscape, organizations must remain vigilant about potential exploitations of such vulnerabilities, which may serve as gateways for further attacks.

Given the nature of the Print Spooler service, this vulnerability falls under the MITRE ATT&CK framework, particularly related to the tactics of privilege escalation. If successfully executed, an attacker could effectively transition from initial access to gaining advanced capabilities within the network, amplifying the threat posed to sensitive data and operational integrity.

As Microsoft prepares to release a patch in the forthcoming security update, organizations are urged to enhance their cybersecurity measures and ensure their systems are adequately protected against this and other emerging threats. The situation underscores the critical necessity for continuous monitoring and proactive management of vulnerabilities to safeguard sensitive and operational data from malicious actors.

Source link

Related Posts

Important: Update Your Chrome Browser to Fix New Zero-Day Vulnerability

Jul 16, 2021

Google has released a critical security update for the Chrome browser on Windows, Mac, and Linux, addressing several vulnerabilities, including a zero-day being actively exploited. This latest patch resolves eight issues, notably a type confusion vulnerability in the V8 open-source and JavaScript engine (CVE-2021-30563). An anonymous researcher reported this flaw on July 12.

In light of the ongoing threat, Google issued a brief statement confirming that “an exploit for CVE-2021-30563 exists in the wild,” but refrained from providing specific details about the vulnerability to prevent further misuse. This marks the ninth zero-day flaw addressed by Google this year, highlighting the ongoing risks to Chrome users.

Israeli Company Aided Governments in Targeting Journalists and Activists with Zero-Day Exploits and Spyware

Two recently patched zero-day vulnerabilities in Windows, addressed in Microsoft’s Patch Tuesday update, were reportedly exploited by the Israeli firm Candiru in a series of targeted attacks on over 100 journalists, academics, activists, and political dissidents worldwide. This spyware vendor has also been identified by Google’s Threat Analysis Group (TAG) as having exploited various zero-day vulnerabilities in the Chrome browser to compromise targets in Armenia, according to a report by the University of Toronto’s Citizen Lab. Citizen Lab researchers noted that “Candiru’s widespread presence and the use of its surveillance technology against global civil society highlight the significant risks posed by the mercenary spyware industry, which is rife with potential for abuse.”

China Enacts New Law Mandating Vendors to Report Zero-Day Vulnerabilities to Authorities

On July 17, 2021, the Cyberspace Administration of China (CAC) introduced stricter regulations regarding vulnerability disclosure. Under the new “Regulations on the Management of Network Product Security Vulnerability,” software and networking vendors are required to report critical flaws directly to government authorities within two days of identification. Set to take effect on September 1, 2021, these regulations aim to standardize the processes of discovering, reporting, and addressing security vulnerabilities while mitigating associated risks. Article 4 of the regulation prohibits any organization or individual from exploiting network security vulnerabilities for malicious activities and bans the illegal sale, collection, or publication of such information. The new rules also prevent the public disclosure of previously unknown security weaknesses.

Researcher Reveals Yet Another Unpatched Vulnerability in Windows Printer Spooler

Date: July 19, 2021

Just days after Microsoft raised alarms about an unpatched security flaw in the Windows Print Spooler service, yet another potential zero-day vulnerability has surfaced, marking the fourth printer-related issue identified in recent weeks. Will Dormann from the CERT Coordination Center noted in an advisory on Sunday that “Microsoft Windows allows non-admin users to install printer drivers through Point and Print.” He highlighted that printers installed this way can load arbitrary libraries by the privileged Windows Print Spooler process. Security researcher Benjamin Delpy, known for creating Mimikatz, has disclosed an exploit for this vulnerability. #printnightmare – Episode 4