- A new point-and-print driver vulnerability enables users to elevate the privileges of their user accounts.
- Any user, local or remote, who has access to a machine can potentially run the exploit and become a local/domain admin.
- No 100% patch as yet, just mitigation strategies.
This week at Coretechs IT, we protected our clients from a new critical security vulnerability (CVE-2021-34481) that targets any publicly or privately accessible computer that prints. The risk is further exacerbated by business machines being accessed remotely during Covid, which leaves them potentially open to compromise.
This issue enables a successful attacker to elevate their privileges to system level, which exposes businesses and systems to serious risk.
The fix… Well, currently there's no patch that works 100%, but at this point the surest way to protect clients is to disable the print spooler, which disables printing altogether. Not a great workaround, but being in a 7-day lockdown helps somewhat. The more business-friendly approach is to ensure users are not local admins to start with, and to apply policies that enforce elevation prompts when users try to install printers. That is not a 100% fix, but it does reduce the risk until Microsoft releases a permanent solution. This is, of course, all in addition to ensuring remote access is as locked down as possible.
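A read-only PowerShell check for the three mitigations above (spooler state, installation prompts, local admin membership), added here as an example and not Coretechs' or Microsoft's own script. The Point and Print registry value names are Microsoft's policy values and are not named in the original post; run it elevated on the machine being audited.

```powershell
# Added audit example: reports on the mitigations discussed above. Makes no changes.
$pnpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# 1. Print Spooler: the surest mitigation is a stopped AND disabled service.
$spooler    = Get-Service -Name Spooler
$spoolerOff = ($spooler.Status -eq 'Stopped') -and ($spooler.StartType -eq 'Disabled')

# 2. Point and Print prompts: a non-zero value suppresses the warning/elevation
#    prompt for new installs (NoWarning...) or driver updates (UpdatePrompt...).
$noWarn    = Get-PolicyValue $pnpKey 'NoWarningNoElevationOnInstall'
$update    = Get-PolicyValue $pnpKey 'UpdatePromptSettings'
$promptsOn = (-not $noWarn) -and (-not $update)

# 3. Driver installation limited to administrators. An absent value means the
#    OS default applies, so only an explicit 1 is reported as enforced here.
$restrict  = Get-PolicyValue $pnpKey 'RestrictDriverInstallationToAdministrators'
$adminOnly = ($restrict -eq 1)

# 4. Who is a local admin? S-1-5-32-544 is the built-in Administrators group,
#    addressed by SID so the check works on non-English installs.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object -ExpandProperty Name

[pscustomobject]@{
    Computer               = $env:COMPUTERNAME
    SpoolerDisabled        = $spoolerOff
    ElevationPromptsActive = $promptsOn
    DriverInstallAdminOnly = $adminOnly
    LocalAdministrators    = $admins -join '; '
    # Exposed: spooler is running and either prompts are off or any user may install drivers.
    NeedsAttention         = (-not $spoolerOff) -and ((-not $promptsOn) -or (-not $adminOnly))
}

# To apply the "disable the print spooler" workaround on a machine that does
# not need to print (this stops all printing on it):
#   Stop-Service -Name Spooler -Force
#   Set-Service  -Name Spooler -StartupType Disabled
```

Review the LocalAdministrators column by hand: any everyday user account listed there bypasses the elevation prompt mitigation entirely.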
For more information: