07.01.2021

Critical Windows Print Spooler

By MCNC Admin

Date of Notice: 7/1/2021

Action Level - Critical

Description

MCNC would like to make you aware of a new Critical vulnerability affecting Windows Operating Systems. This is a zero-day in the Print Spooler service that lets an authenticated user run code at System level on the Windows device.

This vulnerability can permit an authenticated user to run code at System level if the Print Spooler Service is enabled.

Affected Devices

As this is a zero-day and information is evolving, a full list of impacted OS versions hasn’t been curated. However, the current community focus has been around Windows Server, particularly those acting as Domain Controllers.

It may be possible for non-Server versions of Windows to be impacted.

Attack Vector

Any authenticated user on a Windows device can run openly available proof-of-concept code on that device. An attacker would need an account on the machine and access to it, either network-based remote access or local access if it is a shared or personal computer.

Attack Feasibility

Since an attacker needs to authenticate first, any computer they can log onto or access is vulnerable.

Mitigations

Since a valid account is needed for this exploit, ensuring proper account permissions and network access can help mitigate this by restricting access to the Windows device.

Because this vulnerability affects the Microsoft Print Spooler Service, disabling the service prevents the exploit. Due to the nature of the Print Spooler Service, there is no clear answer to how disabling it will affect a given environment. Please review the following doc for related security guidelines regarding the Print Spooler Service.

Due to the recent nature of this vulnerability, shared Windows computers may also be vulnerable. Computers in a lab or library environment will need extra monitoring until a patch is released. 
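One way to apply the service mitigation described above, as an added example that is not part of the original MCNC notice: the script reports whether the Print Spooler is enabled on the local machine, whether the machine is a Domain Controller, and how many printers it shares, then optionally stops and disables the service. The function names `Get-SpoolerExposure` and `Disable-Spooler` are hypothetical; the service name `Spooler` and the cmdlets are standard Windows.

```powershell
# Added example (not from the advisory): report Print Spooler exposure on the
# local machine and, on request, stop and disable the service.
function Get-SpoolerExposure {
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    # Shared printers mean this machine acts as a print server, so disabling
    # the service will interrupt printing for other users.
    $shared = @(Get-CimInstance -ClassName Win32_Printer -ErrorAction SilentlyContinue |
                Where-Object { $_.Shared })
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        State            = $svc.State          # Running / Stopped
        StartMode        = $svc.StartMode      # Auto / Manual / Disabled
        DomainController = $role -in 4, 5      # 4 = backup DC, 5 = primary DC
        SharedPrinters   = $shared.Count
        SpoolerEnabled   = ($svc.State -eq 'Running') -or ($svc.StartMode -ne 'Disabled')
    }
}

function Disable-Spooler {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable the Print Spooler service')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    Get-SpoolerExposure   # return the resulting state so it can be logged
}

Get-SpoolerExposure
# Disable-Spooler -WhatIf   # preview only; drop -WhatIf to apply (requires elevation)
```

Run the report first on servers, and on Domain Controllers in particular, so that machines with `SharedPrinters` greater than zero can be reviewed before printing is interrupted.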

Remediation

Since this is a zero-day and Microsoft hasn’t released a patch, there is no remediation.
