Windows Print Spooler Remote Code Execution Vulnerability

Page 1 of 7 123 ... LastLast
    Windows Print Spooler Remote Code Execution Vulnerability

    Windows Print Spooler Remote Code Execution Vulnerability

    CVE-2021-34527

    Last Updated: 09 Jul 2021 at 12:33

    UPDATE 7/8: Clarified Guidance CVE-2021-34527 Windows Print Spooler Vulnerability


    Microsoft is aware of and investigating a remote code execution vulnerability that affects Windows Print Spooler and has assigned CVE-2021-34527 to this vulnerability. This is an evolving situation and we will update the CVE as more information is available.

    A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    An attack must involve an authenticated user calling RpcAddPrinterDriverEx().

    Please ensure that you have applied the security updates released on June 8, 2021, and see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.


    Read more:


    UPDATE FIX: KB5004945 Windows 10 2004 19041.1083, 20H2 19042.1083, 21H1 19043.1083
    Brink's Avatar Posted By: Brink
    02 Jul 2021


  1. Posts : 5,442
    Windows 11 Home
       #1

    And people wonder, what is the point of disabling services that are not even being used.
    Print Spooler vulnerability repeats every 2-3 years and if do not have a printer, it is easy.
      My Computer


  2. Posts : 2,557
    Windows 10 pro x64-bit
       #2

    I have just read about it and it seems to be a very serious and urgent issue until, of course, fixed by MS:

    https://www.askvg.com/security-alert...ce-in-windows/
      My Computers


  3. Posts : 1,079
    10 + Linux
       #3

    Microsoft suggested disabling the Windows Print Spooler service or at least inbound remote printing through Group Policy.
    Microsoft provides further mitigations for PrintNightmare exploit, awards it "high" severity - Windows 10 How to Tutorials
      My Computer


  4. Posts : 18,044
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #4

    I have the Print Spooler Service Disabled.

    On the VERY RARE occasions that I do need to Print, I just set the Service to Demand [ Manual ], Print, and then Disable it again.


    Set to Disable:
    Code:
    
    sc stop Spooler & sc config Spooler start=disabled

    Set to Demand [ Manual ]:
    Code:
    
    sc start Spooler & sc config Spooler start=demand

    I hope this helps.
      My Computer


  5. Posts : 7,724
    3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2
       #5

    Hi,
    Group policy seems easy enough
    Windows Print Spooler Remote Code Execution Vulnerability-image.png
      My Computers


  6. Posts : 7,871
    Windows 11 Pro 64 bit
       #6

    ThrashZone said:
    Hi,
    Group policy seems easy enough
    Windows Print Spooler Remote Code Execution Vulnerability-image.png
    I've just done that on all PCs since I only use local printers
      My Computers


  7. WXC
    Posts : 13,170
    Windows 10 Pro 64-bit 22H2 19045.4046
       #7

    Steve C said:
    I've just done that on all PCs since I only use local printers

    As have I, Steve (well, on my one PC).

    I have a question however. Do I need to re-boot my PC for the change (Disabled), to take effect?

    Thank you.

    ~~~~

    Not really knowing the answer, I re-booted, just in case it was necessary.
      My Computer


  8. Posts : 7,871
    Windows 11 Pro 64 bit
       #8

    WXC said:
    As have I, Steve (well, on my one PC).

    I have a question however. Do I need to re-boot my PC for the change (Disabled), to take effect?

    Thank you.

    ~~~~

    Not really knowing the answer, I re-booted, just in case it was necessary.
    I think the change is instant but I always turn off PCs anyway so it won't be long before they get a reboot.
      My Computers


  9. WXC
    Posts : 13,170
    Windows 10 Pro 64-bit 22H2 19045.4046
       #9

    Steve C said:
    I think the change is instant but I always turn off PCs anyway so it won't be long before they get a reboot.

    Thank you Steve. Yes, It seems to be instant, but I gave it a reboot, just in case. lol

    Take care.
    Last edited by WXC; 05 Jul 2021 at 09:53. Reason: Typo
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 21:31.
Find Us




Windows 10 Forums