Windows Print Nightmare Bug

7th July 2021, Kathmandu

Microsoft has published mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler.

The remote code execution bug impacts all versions of Windows; the company is still investigating whether the vulnerability is exploitable on all of them.

The U.S. government has taken a step toward mitigating the critical remote code execution vulnerability in Windows. The CERT Coordination Center (CERT/CC) is part of the Software Engineering Institute, a federally funded research center.

CERT/CC has released a vulnerability note for CVE-2021-1675 urging system administrators to disable the Windows Print Spooler service on domain controllers and other systems. Microsoft has also confirmed an update for CVE-2021-1675; it is important to realize that the update does not protect Active Directory domain controllers.

Microsoft has published an advisory of its own on PrintNightmare, which assigns a new CVE and appears to describe a new attack vector while attempting to clear up the confusion that has arisen.

Highlights:

  1. The vulnerability affects any Windows computer running the Print Spooler
  2. The working assumption is that a patch will be made available once it is created and tested
  3. Valid credentials are needed to exploit this vulnerability

The organization has issued a notice for a bug called “Windows Print Spooler Remote Code Execution Vulnerability”, with a different CVE number (CVE-2021-34527).

While the bug under study looks like PrintNightmare, Microsoft has acknowledged it as an evolving situation.

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploits the vulnerability can run arbitrary code with SYSTEM privileges.

This vulnerability is similar to but distinct from the vulnerability assigned CVE-2021-1675, which addresses a different vulnerability.

The attack vector is different as well. CVE-2021-1675 was addressed by the June 2021 security update. It could be an indicator that attackers have known about this bug for some time, and fully addressing it is not trivial.

The Print Spooler should be disabled on any servers that do not need printing functionality. This is especially true for Active Directory servers.
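One way to audit and apply this mitigation on a single host, as an added example that is not taken from the article, Microsoft or CERT/CC. The `-Apply` switch and the report field names are assumptions made for this example; it uses the built-in `Get-Service`, `Stop-Service`, `Set-Service` and `Get-CimInstance` cmdlets and must run from an elevated PowerShell session.

```powershell
# Added example: report the Print Spooler state and, with -Apply, stop and disable it.
[CmdletBinding()]
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$svc  = Get-Service -Name Spooler -ErrorAction Stop
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
# Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller
$isDC = $role -in 4, 5

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    DomainController = $isDC
    SpoolerStatus    = $svc.Status
    SpoolerStartType = $svc.StartType
} | Format-List

if ($svc.Status -ne 'Running' -and $svc.StartType -eq 'Disabled') {
    Write-Output 'Print Spooler is already stopped and disabled.'
    return
}

if (-not $Apply) {
    if ($isDC) {
        Write-Warning 'Domain controller with Print Spooler enabled. Re-run with -Apply to disable it.'
    } else {
        Write-Warning 'Print Spooler is enabled. Re-run with -Apply if this host does not need to print.'
    }
    return
}

# Stop the running service, then prevent it from starting at the next boot.
Stop-Service -Name Spooler -Force
Set-Service  -Name Spooler -StartupType Disabled

# Re-read the service so the confirmation reflects the actual state.
$svc = Get-Service -Name Spooler
if ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled') {
    Write-Output 'Print Spooler stopped and disabled.'
} else {
    Write-Error "Print Spooler state is $($svc.Status)/$($svc.StartType); check manually."
}
```

Disabling the service removes the ability to print both locally and remotely from that host, so run the report-only mode first on machines that may act as print servers.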

Developers have written a script that tests whether the vulnerability has been run against a particular system. Make sure that your servers and computers are up to date with the latest security patches.
