A zero-day remote code execution vulnerability in the Windows Print Spooler service (CVE-2021-34527) has been disclosed by security researchers. The vulnerability exists when the service improperly performs privileged file operations. The code that contains the vulnerability is in all versions of Windows, and Microsoft is still investigating whether all versions are exploitable.
Successful exploitation of the vulnerability could give remote attackers full control of vulnerable systems, allowing them to execute arbitrary code with elevated system privileges to install programs; view, change, or delete data; or create new accounts with full user rights. To achieve RCE, attackers would need to target a user authenticated to the spooler service. Without authentication, the flaw could still be exploited to elevate privileges.
At this moment, Microsoft has not released a patch to fix this vulnerability. Microsoft recommends implementing the workaround of disabling the Windows Print Spooler service or disabling inbound remote printing through Group Policy.
For more information please see:
Windows Print Spooler Remote Code Execution Vulnerability
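The workaround described above can be checked and applied from an elevated PowerShell session. The following is an added example, not code from Microsoft or Matsco Solutions; the function names `Get-SpoolerWorkaroundState` and `Disable-PrintSpooler` are hypothetical, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example: report whether either workaround is in place on this host,
# and optionally apply the "disable the service" workaround.
function Get-SpoolerWorkaroundState {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # Registry value written by the Group Policy setting
    # "Allow Print Spooler to accept client connections"
    # (Computer Configuration > Administrative Templates > Printers).
    # 2 = policy disabled (inbound remote printing blocked), 1 = enabled,
    # value absent = policy not configured.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $rpc = (Get-ItemProperty -Path $key -Name RegisterSpoolerRemoteRpcEndPoint `
                -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

    $serviceDisabled = (-not $svc) -or
        ($svc.Status -ne 'Running' -and $svc.StartType -eq 'Disabled')

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        SpoolerStatus         = if ($svc) { $svc.Status } else { 'NotInstalled' }
        SpoolerStartType      = if ($svc) { $svc.StartType } else { $null }
        ServiceDisabled       = $serviceDisabled
        RemotePrintingBlocked = ($rpc -eq 2)
        WorkaroundInPlace     = $serviceDisabled -or ($rpc -eq 2)
    }
}

function Disable-PrintSpooler {
    # Stopping the spooler removes the ability to print both locally and
    # remotely, so run with -WhatIf first on print servers and workstations.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
}

# Audit first, then preview the change without applying it.
Get-SpoolerWorkaroundState | Format-List
Disable-PrintSpooler -WhatIf
```

If the Group Policy workaround is used instead of disabling the service, the Print Spooler service must be restarted before the policy takes effect.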
Matsco Solutions are currently monitoring the update and will be reaching out to clients running the affected system to disable the print spooler services.
Please contact the Matsco Solutions team on the below if you would like any further information.
Beijing +86 400 120 2782
Hong Kong +852 8101 8418
London +44 (0)20 7821 4950
New York +1 866 446 9226
Singapore +65 6100 1090