Microsoft gets no rest: no sooner does the “PrintNightmare” security hole appear to be closed than the next report arrives. There is another vulnerability in the Windows print spooler that allows systems to be taken over by outsiders.
The vulnerability is documented as CVE-2021-36958, and the description sounds familiar: a remote code execution vulnerability exists in the Windows print spooler service when it performs privileged file operations improperly. An attacker who successfully exploits the vulnerability could execute arbitrary code with SYSTEM privileges and change files, install programs or create new user accounts.
The only workaround to protect yourself from the risk posed by this vulnerability is to deactivate the service, which means that you can no longer print.
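The workaround described above, written out as an added PowerShell example (not part of the original article): it stops the Print Spooler service and sets its startup type to Disabled. The function name Disable-PrintSpooler is hypothetical, and the example assumes an elevated session.

```powershell
# Added example: audit and disable the Windows Print Spooler service.
# Disable-PrintSpooler is a hypothetical helper name, not a built-in cmdlet.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # 'Spooler' is the service name of the Windows Print Spooler.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        Write-Warning 'Print Spooler service not found on this system.'
        return
    }
    Write-Verbose "Before: State=$($svc.State) StartMode=$($svc.StartMode)"

    # Stop the running service first; skip if it is already stopped.
    if ($svc.State -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
    }

    # Prevent it from starting again at boot or on demand.
    if ($svc.StartMode -ne 'Disabled' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the service so the output reflects the actual end state.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" |
        Select-Object Name, State, StartMode
}

# Preview only: -WhatIf reports what would change without changing anything.
Disable-PrintSpooler -WhatIf -Verbose
```

Drop -WhatIf to apply the change; printing on this machine stops until the service is re-enabled.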
The description is also a bit confusing: while Microsoft speaks of a remote vulnerability, the attack vector is classified as “local”. That would mean that an attacker would need physical access to a computer or would have to get someone to take certain actions.
The hole was discovered by Benjamin Delpy, who released a proof-of-concept video via Twitter in which he demonstrates the use of the gap on a system with the latest security updates of August 10, 2021. In another tweet, he writes that this whole PrintNightmare story is a wonderfully representative example of Microsoft’s lack of attention when it comes to bug fixes, tests and quality assurance. Given that the security problems persist even after the third attempt, it’s hard to disagree.