Microsoft may have patched PrintNightmare in Windows, but for the second time this month there is another printer vulnerability.
A new weak point is only detailed in the Windows print spooler service, which could allow hackers to install programs; View, change or delete data; and create new accounts on your PC.
While this may sound scary, the important thing to note is that hackers have to run code on a victim’s system in order to exploit this new vulnerability. Basically, this means that a hacker would need physical access to your PC. Microsoft mentions this in the support guide for the new vulnerability under the name CVE-2021-34481.
At this point, Microsoft has given the vulnerability a score of 7.8 and a severity of “important”, which means that it is a high security risk. However, Microsoft also mentions that while CVE-2021-34481 was published, it was not exploited – although another note indicates that exploitation is “more likely”.
Microsoft has not yet announced when a patch will be released for this new vulnerability. Instead, the company says it is investigating and “developing” a security update. Importantly, Microsoft advises that this new issue was not caused by the July 2021 security update that PrintNightmare originally patched.
Still worried? There is a temporary workaround for those who may be affected. The workaround is to open Powershell on Windows and see if the print spooler service is running, then stop and disable the service. The disadvantage of this workaround is that stopping and disabling the print spooler service will disable the ability to print both locally and remotely.
Last time Microsoft quickly released a patch for PrintNightmare. It happened within four days of Microsoft first discovering the problem. It is unknown if a similar patch for this exploit could be released at a similar time. Since the situation is a little less urgent, as hackers need local access to a PC, this can take a while.
Microsoft credits security researcher Jacob Baines with discovering this problem and reporting it to Microsoft. Baines Notes on his twitter page that he doesn’t think this new vulnerability is a variant of PrintNightmare.