Microsoft on Wednesday published a "Security Update Guide" notice on another Windows print spooler vulnerability, namely CVE-2021-36958.
Microsoft’s CVE-2021-36958 notice, dated Aug. 11, falls outside of its August patch bundle, released on Tuesday. The August patch bundle contained at least three fixes for Windows print spooler flaws, so this notice is flagging yet another vulnerability along those lines.
Newly Reported, but Old Flaw
The CVE-2021-36958 vulnerability, while newly described, apparently isn’t new. Security researcher Victor Mata, credited by Microsoft for finding CVE-2021-36958, reported it to Microsoft back in December 2020, according to this Twitter thread by Kevin Beaumont, a security researcher and former Microsoft employee.
Which Windows systems are affected by the CVE-2021-36958 vulnerability wasn’t described. However, Microsoft’s notice did indicate that "functional exploit code is available." This vulnerability is rated 7.3 (out of 10) on the Common Vulnerability Scoring System scale.
CVE-2021-36958 is a remote code execution vulnerability that, if exploited with user interaction, could give an attacker SYSTEM privileges.
Here’s Microsoft’s summary of CVE-2021-36958:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Organizations can disable the Windows print spooler service as a workaround before a patch arrives. However, doing so "disables the ability to print both locally and remotely."
IT pros may be recalling June and July’s PrintNightmare vulnerabilities and patches. Even Microsoft’s August patches, released on Tuesday, included PrintNightmare fixes.
PrintNightmare is a Windows print spooler vulnerability enabling remote code execution. It was perhaps first addressed by Microsoft in its June patch bundle.
Later, in early July, Microsoft issued an "out-of-band" (unscheduled) patch for PrintNightmare. While researchers had claimed that this patch didn’t address all avenues of attack, Microsoft issued a clarification later that month stating that its patch was "effective."
In mid-July, Microsoft reported that it was researching another PrintNightmare vulnerability. At that time, Microsoft had suggested organizations use the workaround of disabling the Windows print spooler service. Unfortunately, though, doing so eliminates the ability to print.
It’s not clear if the newly reported CVE-2021-36958 vulnerability is yet another PrintNightmare flaw or something else. There have been so many Windows print spooler flaws uncovered in recent months that it’s hard to keep track of them.
Microsoft did say in a Microsoft Security Response Center announcement this week that its August patches will change the behavior of the Point and Print capability, which seems to be associated with the Windows print spooler vulnerabilities and PrintNightmare. With an August patch in place, only administrators will be able to install printers and print drivers.
About the Author
Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.