Bug in Windows Print Spooler, patch in arrivo

PrintNightmare is the name of a zero-day vulnerability discovered in the Windows Print Spooler service that manages print jobs. Microsoft has confirmed the security issue, identified with CVE-2021-34527, promising that a patch will be released soon. At the moment the only solution is to deactivate the service. PrintNightmare: workaround awaiting fix Several security researchers have found exploits online that exploit the vulnerability. Contrary to what was initially assumed, the bug is not the one fixed with the patch ofJune 8. The same Redmond company reported that the vulnerability (identified with CVE-2021-1675) is similar, but different.The new security problem identified in the Windows Print Spooler service allows you to run arbitrary code with SYSTEM privileges and perform various actions, such as installing programs, deleting data, and creating accounts with administrator rights. As mentioned, there is currently no patch for the bug present in all versions of Windows. The only solution is to disable the service, which can be done in two ways. The first option involves typing the following PowerShell commands (it will no longer be possible to print): Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled The second option is to use the Local Group Policy editor (the system will no longer function as a print server, but local printing is still possible). In the Computer Configuration> Administrative Templates> Printers section, the “Allow the print spooler to accept client connections” must be disabled.

Categories:   Security