Published on: 02 July 2021
Last update on: 07 July 2021
Microsoft released a security update guide about a zero-day vulnerability in the Windows Print Spooler service. A remote authenticated attacker could execute arbitrary code with SYSTEM privileges on a vulnerable system by exploiting the vulnerability.
Reports indicate that proof-of-concept (PoC) code for the vulnerability (CVE-2021-34527) is publicly available. A successful attack could lead to remote code execution in the Windows Print Spooler service. Patches are not yet available, but Microsoft has provided a workaround to mitigate the risk. System administrators are advised to immediately disable the Windows Print Spooler service on Domain Controllers and on systems that do not require the print function to mitigate the elevated risk of cyber attacks.
Further to our Security Alert (A21-07-01), Microsoft has released an out-of-band security update to address the vulnerability (CVE-2021-34527) in the Windows Print Spooler service. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
For detailed information, please refer to the following vendor’s URL:
https://support.microsoft.com/zh-hk/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
Successful exploitation could lead to remote code execution on an affected system.
As of 1 July 2021, patches for the affected products were not yet available. System administrators should check whether the Print Spooler service is running on the system. If the service is running, Microsoft has provided a workaround to mitigate the risk of exploitation. Details of the workaround can be found at the following URL:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
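The check and workaround described above can be scripted as follows. This is an added example, not code from this alert or from Microsoft; the function name `Invoke-SpoolerWorkaround` and its `-PrintingRequired` switch are hypothetical, and the script assumes an elevated Windows PowerShell session on the host being checked.

```powershell
# Added example: report the Print Spooler state and, unless the host must
# keep printing, stop and disable the service (the interim workaround).
function Invoke-SpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Hypothetical switch: set when this host still needs the print function.
        [switch]$PrintingRequired
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        Write-Output 'Print Spooler service is not installed on this system.'
        return
    }

    # DomainRole 4 = backup domain controller, 5 = primary domain controller.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDc = $role -in 4, 5

    # Emit one record per host so results can be collected across a fleet.
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        DomainController = $isDc
        SpoolerState     = $svc.State
        SpoolerStartMode = $svc.StartMode
    }

    # Nothing to do if the service is already stopped and disabled.
    if ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled') { return }

    # Domain Controllers are always handled; other hosts only if printing is not needed.
    if ($PrintingRequired -and -not $isDc) {
        Write-Warning 'Spooler left enabled because printing is required; apply the vendor update.'
        return
    }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
}

# Dry run: shows what would change without touching the service.
Invoke-SpoolerWorkaround -WhatIf
```

Disabling the service removes the ability to print both locally and remotely on that host, so re-enable it only after the vendor update has been applied.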