Microsoft admits to new Print Spool LPE attack (CVE-2021-34481)

A bit like a horror movie, as soon as Microsoft thinks their PrintNightmare is over another vector of attack pops up.

MSRC has posted an advisory (CVE-2021-34481) informing admins that, despite having recently patched their PCs against PrintNightmare, that a new attack has been discovered which leaves their PC vulnerable to compromise.

Microsoft notes an elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Unlike the original PrintNightmare however this attack would is not a remote code exploit, and the attacker must have the ability to execute code on a victim system to exploit this vulnerability. It can of course be chained with another vulnerability and let that exploit elevate its privileges. Microsoft notes that it requires no user intervention to execute.

Microsoft has not released a patch for the new bug yet, but notes as a workaround stopping and disabling the Print Spooler service is effective.

Read more about the attack at Microsoft here.