Microsoft may have patched PrintNightmare in Windows, but for the next time this thirty day period, there’s nonetheless one more printer-themed vulnerability in the wild.
Just specific is a new vulnerability in the Windows Print Spooler service that could allow hackers to put in applications view, change, or delete facts and create new accounts on your Computer system.
Though that might sound scary, it is significant to observe that to leverage this new vulnerability, hackers will require to execute code on a victim procedure. Mainly, it indicates that a hacker would will need physical access to your Computer system. Microsoft mentions this in the help guide for the new vulnerability, likely by the name of CVE-2021-34481.
It is there in which Microsoft labels the vulnerability with a rating of 7.8 and “important” severity, which means it is a higher-safety chance. However, Microsoft does also point out that though CVE-2021-34481 was made community, it has not been exploited — however an additional notice details exploitation is “more most likely.”
Microsoft hasn’t but described when a patch for this new vulnerability will be unveiled. As a substitute, the firm says it is investigating and “developing a security update.” Importantly, Microsoft factors out that this new challenge was not brought on by the July 2021 stability update, which in the beginning patched PrintNightmare.
Nevertheless worried? There is a non permanent workaround for these who could possibly be worried. The workaround involves opening Powershell on Home windows and determining if the Print Spooler Services is managing, then stopping and disabling the services. The downside of this workaround is that halting and disabling the Print Spooler service disables the capability to print equally regionally and remotely.
The final time, Microsoft was quick to launch a patch for PrintNightmare. It transpired inside of four times of Microsoft first identifying the challenge. It is unknown if a comparable patch for this exploit could arrive at a comparable time. Observing as however the predicament is a tiny significantly less urgent, with hackers needing local access to a Computer system, it could be a when.
Microsoft credited the protection researcher Jacob Baines for discovering this situation and reporting it to Microsoft. Baines notes on his Twitter web page that he does not believe that this new vulnerability to be a variant of PrintNightmare.