logo
Contact us
help

Vulnerability in Windows Print Spooler service endangers entire networks

Kontoübernahme mit nur einem Klick: Check Point findet Schwachstelle bei Atlassian

Zero Day Exploit

05.07.2021, Munich, Qualys / Author: Herbert Wieler

Security of Windows devices compromised

Due to an unpatched vulnerability in many devices, the Print Spooler service of Windows is currently a point of attack for an exploit code that has become public. This malicious code can penetrate the system due to the vulnerability in the print queue. In this way, it is possible for malicious actors to compromise remote versions of Windows and execute code on them with system privileges.

The exploit code was made public by a Chinese team of security researchers. This assumed that the vulnerability was already patched in June CVE-2021-1675. But Microsoft has now made public in a warning that it is currently the new vulnerability CVE-2021-34527, for which no concrete date for a patch is currently promised. It may be that this patch will be part of Microsoft’s next patch day in July 2021.

According to Microsoft, the zero-day gap is currently already being used for attacks . The US agency CISA therefore recommends working with a workaround until the next patch. This consists in disabling the Windows Print Spooler service in domain controllers and non-printing systems. For the specific procedure, reference is made to the use of a Group Policy object. This method is explained in the instructions of Windows.

Paul Baird, UK Chief Technology Security Officer at Qualys

Paul Baird, UK Chief Technology Security Officer at Qualys, assesses the vulnerability as follows: “This vulnerability is a nightmare because IT teams cannot simply stop the print spooler and wait for the patch to be released. Rather, a robust monitoring system is the only opportunity for the teams at the moment. Thus, malicious processes generated by the Spooler service can be detected. But even this is not an easy task. You have to know the system first and be able to determine whether it does not need new printer drivers. Because you can’t just see such a good or bad event.

Many companies are already struggling to keep up with regular patch management. Any version and any type of Windows client and server – are affected. Therefore, it will be difficult to perform the fix quickly once it is available.“

Ready to see us in action:

Get a free quote

More To Explore

The first Half-Life 2: VR beta will be released in September

The first Half-Life 2: VR beta will be released in September

Search for strong links in an iOS project using Xcode

Search for strong links in an iOS project using Xcode

Infostealer Qakbot now relies on ZIP files

Infostealer Qakbot now relies on ZIP files

FabricScape container vulnerability: Microsoft and Unit 42 are working together on a solution

FabricScape container vulnerability: Microsoft and Unit 42 are working together on a solution

Website, blog, social media - this is how lead generation works in B2B

Website, blog, social media - this is how lead generation works in B2B

Partner Awards 2021: Airlock is looking for partners for 2022

Partner Awards 2021: Airlock is looking for partners for 2022

Thales and Palo Alto Networks: Integration of large zero Trust Environments

Thales and Palo Alto Networks: Integration of large zero Trust Environments

Global Fortinet Survey: OT companies not adequately secured against attacks

Global Fortinet Survey: OT companies not adequately secured against attacks

Prime Air deliveries - Amazon lets go of the drones

Prime Air deliveries - Amazon lets go of the drones

Cybercriminals Don't Take a vacation: Tips for Online Safe Vacations

Cybercriminals Don't Take a vacation: Tips for Online Safe Vacations

arrow-up
logo-footer
  • info@iwanta.tech
  • Wehlistrasse 65, 1200 Vienna
News for countries: Germany, France, Great Britain, Italy, Spain, Netherlands, Belgium, Greece, Portugal, Sweden, Austria, Switzerland, Denmark, Finland, Norway, Irish.
2017-2024 Iwanta Tech © All rights reserved
IWanta.tech
Logo
Enable registration in settings - general
Have any project in mind?

Contact us:

small_c_popup.png