Disable the Windows print spooler to prevent hacks, Microsoft tells customers

16/07/2021


Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.

The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

Bring your own printer driver

On Thursday, Microsoft warned of a new vulnerability in the Windows print spooler. The privilege-escalation flaw, tracked as CVE-2021-34481, allows hackers who already have the ability to run malicious code with limited system rights to elevate those rights. The elevation allows the code to access sensitive parts of Windows so malware can run each time a machine is rebooted.

“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft wrote in Thursday’s advisory. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft said that the attacker must first have the ability to execute code on a victim’s system. The advisory rates in-the-wild exploits as “more likely.” Microsoft continues to advise that customers install the previously issued security updates. A print spooler is software that manages the sending of jobs to the printer by temporarily storing data in a buffer and processing the jobs sequentially or by job priority.

“The workaround for this vulnerability is stopping and disabling the Print Spooler service,” Thursday’s advisory said. It provides several methods customers can use to do so.
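The stop-and-disable workaround can be applied and verified from an elevated PowerShell session, as in the following added example (not taken from Microsoft's advisory or the original article). The function name `Disable-PrintSpoolerWorkaround` is hypothetical; `Spooler` is the service name of the Windows Print Spooler.

```powershell
# Added example: stop and disable the Print Spooler, then confirm the result.
# Run elevated. Supports -WhatIf to preview without changing anything.
function Disable-PrintSpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $name = 'Spooler'   # service name of the Windows Print Spooler
    $svc  = Get-Service -Name $name -ErrorAction Stop

    # Stop the running service first; -Force also stops dependent services.
    if ($svc.Status -ne 'Stopped') {
        if ($PSCmdlet.ShouldProcess($name, 'Stop service')) {
            Stop-Service -Name $name -Force -ErrorAction Stop
        }
    }

    # Disable it so it does not come back at the next boot or on demand.
    if ($PSCmdlet.ShouldProcess($name, 'Set startup type to Disabled')) {
        Set-Service -Name $name -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the state from WMI instead of trusting the calls above.
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        State        = $cim.State       # expected: Stopped
        StartMode    = $cim.StartMode   # expected: Disabled
        Mitigated    = ($cim.State -eq 'Stopped' -and $cim.StartMode -eq 'Disabled')
    }
}

Disable-PrintSpoolerWorkaround
```

With the spooler stopped and disabled, the machine can no longer print, locally or remotely, so the `Mitigated` column is also a quick way to audit which hosts still have printing enabled.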

The vulnerability was discovered by Jacob Baines, a vulnerability researcher at security firm Dragos, who is scheduled to deliver a talk titled “Bring Your Own Print Driver Vulnerability” at next month’s Defcon hacker convention. The executive summary for the presentation is:

“What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you’ll learn how to introduce vulnerable print drivers to a fully patched system. Then, using three examples, you’ll learn how to use the vulnerable drivers to escalate to SYSTEM.”

In an email, Baines said he reported the vulnerability to Microsoft in June and didn’t know why Microsoft published the advisory now.

“I was surprised by the advisory because it was very abrupt and not related to the deadline I gave them (August 7), nor was it released with a patch,” he wrote. “One of those two things (researcher public disclosure or availability of a patch) typically prompts a public advisory. I’m not sure what motivated them to release the advisory without a patch. That is typically against the goal of a disclosure program. But for my part, I have not publicly disclosed the vulnerability details and won’t until August 7. Perhaps they have seen the details published elsewhere, but I have not.”

Microsoft said it’s working on a patch but didn’t provide a timeline for its release.

Baines, who said he performed the research outside of his responsibilities at Dragos, described the severity of the vulnerability as “medium.”

“It does have a CVSSv3 score of 7.8 (or High), but at the end of the day, it’s just a local privilege escalation,” he explained. “In my opinion, the vulnerability itself has some interesting properties that make it worthy of a talk, but new local privilege escalation issues are found in Windows all the time.”
