Microsoft disclosed a new Windows print spooler vulnerability Wednesday, weeks after the PrintNightmare flaw was first discovered, and this one doesn’t have a patch ready.
CVE-2021-36958 is a remote code execution (RCE) vulnerability in the Windows print spooler software, which manages a device’s printing jobs, that occurs when the software “improperly performs privileged file operations,” according to Microsoft’s webpage dedicated to the vulnerability.
“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the advisory reads.
The vulnerability has a CVSS score of 7.3, placing it in the high — but not critical — severity category. While Microsoft labeled CVE-2021-36958 as an RCE flaw, the advisory said the attack vector is local, meaning that a threat actor would need direct access to a device in order to exploit it and then subsequently allow for remote code execution. Microsoft assessed that exploitation is “more likely,” though it has apparently not been exploited at this time.
Despite some confusion about the nature of CVE-2021-36958, Accenture security principal Victor Mata, who discovered the vulnerability, said the flaw does have RCE capability.
“CVE-2021-36958 would be considered an RCE in the same manner as CVE-2020-1300,” he said in a statement to SearchSecurity. “It requires a user-initiated printer connection to an attacker-controlled system. The score seems appropriate since ‘user interaction’ is listed as a criterion for a local attack vector (according to CVSS 3.0 specification).”
Details about the latest Microsoft print spooler vulnerability remain unclear. Mata tweeted Wednesday that he originally reported the flaw to Microsoft in December of last year but agreed to the company’s request to withhold details until a patch was released. Despite Microsoft’s advisory, no patch exists at this time, though the software giant is currently developing one. Microsoft’s current advice is to disable the print spooler service, which disables printing.
Mata said the lack of the patch may be due to the amount of activity going on around the print spooler recently. “In this case,” he said, “it would seem that Microsoft is doing its best to protect its customers by alerting them of the vulnerability and providing a workaround until a security update is available.”
CVE-2021-36958 was disclosed a day after this month’s Patch Tuesday, in which Microsoft patched two remote code execution vulnerabilities related to the print spooler (CVE-2021-34481 and CVE-2021-36936). The latest print spooler vulnerability comes about a month after PrintNightmare (CVE-2021-1675), a critical flaw that went public in late June, apparently by accident, that was also capable of remote code execution following malicious (albeit local) print spooler access.
One major difference between this new vulnerability and PrintNightmare is that Wednesday’s flaw requires user interaction to exploit, while PrintNightmare can allow a threat actor to execute remote code without any user interaction. PrintNightmare was first patched in early July, but reported problems with the update required further patches from Microsoft.
Independent of recent print spooler vulnerabilities, the service has a long history of serious vulnerabilities. The infamous Stuxnet worm used a print spooler bug in 2010, and new zero-days based on that patched flaw were discovered last year.
Microsoft declined to comment beyond linking to the vulnerability advisory.
Alexander Culafi is a writer, journalist and podcaster based in Boston.