Windows 10 PrintNightmare Returns
Another zero-day Windows 10 print spooler vulnerability has been discovered, meaning your system may still be open to attackers exploiting this vulnerability to obtain system privileges.
This follows similar PrintNightmare vulnerabilities in July.
This latest issue (CVE-2021-36958, for those keeping score), is described by Microsoft:
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
“The workaround for this vulnerability is stopping and disabling the Print Spooler service.”
Crowdstrike, who assess and track the risk of such vulnerabilities, predicts “that the PrintNightmare vulnerability coupled with the deployment of ransomware will likely continue to be exploited by other threat actors.”