Microsoft warns again of a printer security hole in Windows. A security patch has only been announced so far. Admins have to protect systems with a workaround. According to Microsoft, there should be no attacks yet.
As indicated by a warning message, the vulnerability (CVE-2021-34481) affects the printer spooler service again. Just last week, the PrintNightmare vulnerability (CVE-2021-34527), which was closed by an emergency patch, caused problems for admins.
Malicious code vulnerability
The threat level applies to the new vulnerability “highIt is not yet known which Windows versions are affected. It is not yet clear when a security patch will appear. For attacks to be successful, attackers must be in a position where they can already execute code locally on computers For example, if you persuade victims to open a prepared document, you shouldn’t open every file attachment to an e-mail without thinking about it.
If attacks are successful, attackers could execute malicious code with system rights. This could compromise entire systems and take full control. It is still unclear whether this would also endanger domain controllers. That would be particularly dangerous because attackers could then attack entire networks.
To protect Windows PCs against such attacks, Microsoft admins recommends deactivating the print spooler service. However, this means that you can neither print in the network nor locally. To check whether the service is running, admins must enter the following command in PowerShell
Get-Service -Name Spooler
If the service is running, it can be ended and permanently deactivated using the following commands:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled