There is another serious vulnerability in the Windows print spooler service that Microsoft says can allow an unprivileged local user to get system-level privileges.
The new vulnerability (CVE-2021-34481) surfaced this week and MIcrosoft does not yet have a patch available for it. The company has not indicated whether it will release an out-of-band patch for the bug, but it has released a preliminary advisory that recommends customers disable the print spooler service for the time being.
“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the Microsoft advisory says.
“An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”
Researcher Jacob Baines of Dragos discovered the vulnerability and said he reported it to the Microsoft Security Response Center on June 18. The new vulnerability is not specifically related to the Print Nightmare bugs in the print spooler service that were disclosed earlier this month. Those vulnerabilities were more serious and could lead to remote code execution, whereas the newer one is a local privilege escalation vulnerability.
“I don't consider it to be a variant of PrintNightmare. The MS advisory/CVE was a surprise to me and, as far as I'm concerned, it wasn't a coordinated disclosure,” Baines said on Twitter.
Microsoft is still determining exactly which versions of Windows are affected by the new flaw, but said Windows 10 and newer are vulnerable.