Microsoft Confirms Another Print Spooler Vulnerability

Spool on the roof must have a leak

Microsoft has confirmed yet another zero-day vulnerability tied to its Print Spooler utility, despite recently released spooler security fixes.

Not to be confused with the initial PrintNightmare vulnerability, or the other recent Print Spooler exploit, this new bug would allow a local attacker to gain system privileges. Microsoft is still investigating the bug, referred to as CVE-2021-36958, so it has not yet been able to verify which Windows versions are affected. It also hasn't announced when it will release a security update, but states that solutions are typically released monthly.

According to BleepingComputer, Microsoft's recent security updates don't help because of an oversight regarding administrator privileges. The exploit involves copying a file that opens a command prompt and a print driver, and admin privileges are needed to install a new print driver.

However, the new updates only require admin privileges for driver installation—if the driver is already installed there is no such requirement. If the driver is already installed on a client computer, an attacker would simply need to connect to a remote printer to gain full system access.

As with previous Print Spooler exploits, Microsoft recommends disabling the service entirely (if it's "appropriate" for your environment). While this would close the vulnerability, it also would disable the ability to print remotely and locally.

Instead of preventing yourself from being able to print entirely, BleepingComputer suggests only allowing your system to install printers from servers you personally authorize. It notes, however, that this method isn't perfect, as attackers could still install the malicious drivers on an authorized server.
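
To check where a machine stands on the two mitigations above, the following PowerShell sketch reports the Print Spooler service state and whether an approved-servers restriction is in place. It is an added example, not from Microsoft or BleepingComputer; the registry location of the "Package Point and print - Approved servers" policy and the function names are assumptions to verify in your environment.

```powershell
# Added example: audit the two mitigations discussed in the article.
# Assumption: the approved-servers policy is stored under this registry path,
# with PackagePointAndPrintServerList = 1 and a ListofServers subkey.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'

function Get-SpoolerMitigationStatus {
    # Service state: running vs. stopped, and how it starts at boot.
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    # Collect the server names listed under the policy, if any.
    $servers = @()
    $listKey = Join-Path $policyKey 'ListofServers'
    if (Test-Path $listKey) {
        $item    = Get-Item -Path $listKey
        $servers = @($item.GetValueNames() | ForEach-Object { $item.GetValue($_) })
    }

    [pscustomobject]@{
        SpoolerStatus           = if ($svc) { $svc.Status } else { 'NotInstalled' }
        SpoolerStartType        = if ($svc) { $svc.StartType } else { $null }
        ApprovedServersEnforced = ($policy.PackagePointAndPrintServerList -eq 1)
        ApprovedServers         = $servers
    }
}

function Disable-Spooler {
    # Hypothetical helper: stops printing entirely, locally and remotely.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
}

$status = Get-SpoolerMitigationStatus
$status | Format-List

# Flag the exposed combination: spooler running with no server restriction.
if ($status.SpoolerStatus -eq 'Running' -and -not $status.ApprovedServersEnforced) {
    Write-Warning 'Print Spooler is running and no approved-server list is enforced.'
}
```

Run `Disable-Spooler -WhatIf` first to preview the change; an approved-server list narrows exposure but, as noted above, does not help if an authorized server itself hosts a malicious driver.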
