MS Windows: Print Spooler Vulnerability CVE-2021-34481

Summary:

  • A new Point and Print driver vulnerability lets users elevate their account privileges.
  • Any user, local or remote, who has access to a machine can potentially run the exploit and become a local/domain admin.
  • There is no 100% patch as yet, just mitigation strategies.

Intro

This week at Coretechs IT, we protected our clients from a new critical security vulnerability (CVE-2021-34481) that targets any publicly or privately accessible computer that prints. The risk is further exacerbated by business machines being accessed remotely during Covid, which leaves them potentially open to compromise.

This issue enables a successful attacker to elevate their privileges to system level, which exposes businesses and their systems to serious risk.

The Fix

The fix… Well, currently there’s no patch that works 100%, but at this point the surest way to protect clients is to disable the Print Spooler, which disables printing altogether. Not a great workaround, but being in a 7-day lockdown helps somewhat. The more business-friendly approach is to ensure users are not local admins to start with, and to apply policies that ensure elevation prompts when trying to install printers. This is not a 100% fix, but it does reduce the risk until Microsoft releases a permanent solution. All of this, of course, is in addition to ensuring remote access is as locked down as possible.
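
A read-only PowerShell check for the three mitigations described above, added here as an example and not taken from Coretechs IT or Microsoft. It assumes Windows PowerShell 5.1 or later and that printer-install prompts are controlled through the Point and Print Restrictions policy key shown in the code.

```powershell
# Added example: read-only audit of the mitigations described above.
# Run in an elevated Windows PowerShell 5.1+ session on the machine to check.

$results = @()

# 1. Print Spooler: Stopped and Disabled means printing is off altogether.
$spooler = Get-Service -Name Spooler
$results += [pscustomobject]@{
    Check     = 'Print Spooler service'
    Value     = "$($spooler.Status) / $($spooler.StartType)"
    Mitigated = ($spooler.Status -ne 'Running' -and $spooler.StartType -eq 'Disabled')
}

# 2. Point and Print policy (assumed to be managed via this key): a missing
#    value or 0 keeps the warning and elevation prompt; other values suppress it.
$pnpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$pnp = Get-ItemProperty -Path $pnpKey -ErrorAction SilentlyContinue
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $value = if ($pnp) { $pnp.$name } else { $null }
    $results += [pscustomobject]@{
        Check     = "PointAndPrint\$name"
        Value     = if ($null -eq $value) { 'not set' } else { $value }
        Mitigated = ($null -eq $value -or $value -eq 0)
    }
}

# 3. Local Administrators, looked up by well-known SID so the check works
#    on non-English systems. Day-to-day user accounts should not be listed.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object -ExpandProperty Name
$results += [pscustomobject]@{
    Check     = 'Local Administrators members'
    Value     = $admins -join ', '
    Mitigated = $null   # needs human review against your own account list
}

$results | Format-Table -AutoSize -Wrap

# Spooler workaround for machines that do not need to print (this stops all
# local and remote printing), left commented out on purpose:
# Stop-Service -Name Spooler -Force
# Set-Service -Name Spooler -StartupType Disabled
```

A `Mitigated` value of `False` on either Point and Print row means printer drivers can be installed without an elevation prompt on that machine.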

For more information:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481#workarounds

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527#securityUpdates

https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7