Who would have thought that with all the scare in 2021, one of the scarier things would be what is dubbed the Print Nightmare? Or rather, PrintNightmare, as this family is called.
And despite efforts from Microsoft, it has gone from bad to worse.
Those of you out of the loop should know that recent weeks have brought a seemingly endless stream of security flaws relating to the Windows print spooler. This family of vulnerabilities has been the talk of the town as the software titan worked nonstop to fix the issue, to no avail, apparently.
In fac, the company has just acknowledged another 0-day vulnerability.
There is currently no fix available for this security bug, but the Remote Code Execution vulnerability is being tracked as CVE-2021-36958. Redmond has, however, served up a workaround for this, which is clearly less than ideal.
Stopping and disabling the Print Spooler service.
Microsoft says of the flaw:
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
So, basically, just what you would expect of any critical flaw in the operating system.
This new security vulnerability has a CVSS score of 7.3, though some confusion exists about why it has been classified as a remote code execution flaw when local access is required to exploit it.
The only way out of this is to stop and disable the print spooler service. Of course, this workaround has a high impact, as it disables users’ ability to print both locally and remotely in Windows.