Yet another Print Spooler vulnerability found in Windows
It’s been a rough couple of weeks in the world of Windows 10 security vulnerabilities. A print spooler issue called PrintNightmare was exposed by a group that thought it was already patched. Microsoft issued an out-of-band patch to fix it. The only problem was that the cumulative update didn’t actually fix it properly.
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker must have the ability to execute code on a victim system to exploit this vulnerability.
The workaround for this vulnerability is stopping and disabling the Print Spooler service.
Luckily, this doesn’t seem to be quite as serious as PrintNightmare was and still is. The attack vector is local, meaning that the bad actor exploiting this vulnerability needs to have access to the machine. However, it is rated as low attack complexity with low privileges required.
Microsoft didn’t say when a fix will be available for the new Print Spooler issue. Patch Tuesday just passed, so it’s a bit too late to fix it for everyone this month. The company could release another out-of-band update if it wants to, or it could fix the issue in this week’s optional cumulative updates.
If you think that you might be affected by this issue, it’s recommended that you shut down the Print Spooler service. Of course, that’s going to cause issues with your ability to print locally or remotely from your computer. You can shut down Print Spooler by running the following commands in PowerShell:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
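The two commands above, wrapped in an added example that also records the service state before and after and confirms the workaround took effect. This is not Microsoft's script; the function names Get-SpoolerState and Disable-Spooler are made up for illustration, and the restore line at the end assumes the service used the Automatic startup type beforehand.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the Print Spooler workaround and verify the result.

function Get-SpoolerState {
    # Current run state and startup type of the Print Spooler service.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Status    = $svc.Status
        StartType = $svc.StartType
    }
}

function Disable-Spooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $before = Get-SpoolerState
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable')) {
        # Skip the stop call when the service is already down.
        if ($before.Status -ne 'Stopped') {
            Stop-Service -Name Spooler -Force -ErrorAction Stop
        }
        # Disabling the startup type keeps the service from returning after a reboot.
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }
    $after = Get-SpoolerState

    [pscustomobject]@{
        Computer  = $after.Computer
        Before    = "$($before.Status)/$($before.StartType)"
        After     = "$($after.Status)/$($after.StartType)"
        Mitigated = ($after.Status -eq 'Stopped' -and $after.StartType -eq 'Disabled')
    }
}

Disable-Spooler    # add -WhatIf to preview without changing anything

# To restore printing once a fix is installed (assumes Automatic was the prior startup type):
# Set-Service -Name Spooler -StartupType Automatic; Start-Service -Name Spooler
```

A Mitigated value of False means the service is still running or can still start, for example because another policy or management tool re-enabled it.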