Jul 5, 2021

Critical security vulnerability in the Windows Print Spooler service – We’re here to help.

An exploit code is currently doing the rounds that is capitalising on an as-yet unresolved security vulnerability in many Windows versions. A patch has not yet been made available. The issue affects the Windows Print Spooler. According to current information, all Windows versions from 7 SP1 to Server 2019 are impacted. The exploit enables malicious code to be run with system rights and, if this happens on a domain server, attackers could spread throughout the network and infect other computers with malware.

How has this happened?

Microsoft closed a similar security vulnerability (CVE-2021-1675) in the Print Spooler on Patch Day in June. There is no CVE number for this new vulnerability and it has also not yet been allocated a threat level, but security researchers are saying this is a critical bug.

Employees of a cybersecurity company accidentally published an exploit code for the new vulnerability instead of for the one that had already been patched and even though the Proof of Concept code for exploiting PrintNightmare has been removed, copies have been made.

Affected systems.

All supported versions of Microsoft Windows and Microsoft Windows Server are affected.

Temporary solution.

  • Stop and disable the Print Spooler service. Unfortunately, the workaround disables the affected systems’ print capabilities, and so you should very carefully consider if this will be detrimental to the system.
  • Another workaround that still allows printing involves restricting access to the access control lists (ACL) on C:\Windows\System32\spool\drivers as described here.

We’re happy to carry out an external audit of your systems. E-mail us at it-security@bechtle.com or get in touch with your Bechtle account manager.

More Information.

Carnegie Mellon University: Microsoft Windows Print Spooler allows for RCE

Share article

Published on Jul 5, 2021.