Another zero-day vulnerability was discovered in Microsoft’s Print Spooler. The US IT company advises to disable the job.
It’s the second Print Spooler vulnerability in a short time. The vulnerability CVE-2021-34527 was previously discovered, which provides the ability to install malicious print drivers on vulnerable systems remotely or through physical access. An update was provided in the form of KB5004945. However, security researchers have found ways to bypass the patch under certain circumstances. However, Microsoft states that the update is working properly.
Developer Benjamin Delpy has now reported that he has found a new way to bypass the normal way Windows installs print drivers. This makes it possible to increase permissions by installing malicious print drivers. The vulnerability also exists on systems where the KB5004945 update is installed. Microsoft previously recommended some measures to prevent the previously discovered Print Spooler vulnerability from being misused. Including restricting and disabling driver installation to administrators, pointing and printing. However, Delpy warns that the new vulnerability can also be exploited after these actions.
More information is available at sleeping computer, which published a comprehensive analysis of the leak.
