Another Windows Printer Vulnerability Rears Its Ugly Head In Wake Of PrintNightmare
Remember that scene in Office Space where a trio of disgruntled employees take a problematic printer to field and beat it to a pulp? Anyone who has ever dealt with stubborn printer issues has probably felt that way. It doesn't help that we also have to worry about printer vulnerabilities messing up our day, and to that end, Microsoft has warned of yet another one.
The latest printer bug is being tracked as CVE-2021-34481. It has to do with the Windows Print Spooler service, and without a patch in place, a nefarious actor could potentially gain unfettered access to an affected system. At that point, they could install malware, swipe sensitive data, and worst of all, rearrange your carefully aligned icons. The horror!
Okay, maybe that last one isn't the worst thing in the world. But it's annoying.
"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges," Microsoft explains. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Scary stuff, though not quite the thing of a print nightmare (or PrintNightmare, which Microsoft recently patched). The reason is because a would-be attacker needs to be able to execute code on a victim's PC in order to exploit the vulnerability.
That means they would either need physical access to a target's system, or have already compromised it in some way. Nevertheless, this is something that will inevitably be patched out at some point. In the meantime, Microsoft says the only real workaround for the Print Spooler vulnerability is to stop and disable the service. Here's how...
In a related FAQ section, Microsoft makes it clear this was not introduced with this month's Patch Tuesday update. That's good to know we suppose, though hopefully the eventual patch works without a hitch.
That is not always a given, by the way—Microsoft rushed out a patch for the PrintNightmare bug and it ended up breaking certain printers. Do'h! There was also that time earlier this year when a Patch Tuesday update caused numerous printer-related issues, which in some cases led to the dreaded blue screen of death (BSOD).
Here's hoping for smoother printer sailing from here on out.