Moneycontrol PRO
you are here: HomeNewsTechnology

Microsoft has found another flaw in the PrintSpooler service

The service that allows Windows to print documents now has a third critical security flaw

July 18, 2021 / 03:31 PM IST
The service that allows Windows to print documents now has a third critical security flaw

The service that allows Windows to print documents now has a third critical security flaw

Microsoft has found yet another security flaw in its PrintSpooler service that allows Windows to print documents. The total tally of flaws now sits at three.

The first one was addressed in a June security update, only for another one to be discovered called 'PrintNightmare' which affected every version of Windows and the company put out a patch that partially fixed the issue. Now a third flaw has been discovered which leaves Windows unable to print documents.

"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," Microsoft revealed in a post.

"An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

This means anyone who gains access to System privileges through this bug can potentially run malicious code on a system without the user knowing about it. Windows has said that this hasn't been exploited yet but now that it has been disclosed, it is likely that threat actors will look to take advantage.

Close
Microsoft hasn't disclosed the versions of Windows this affects but has categorically said that this flaw can only be used if the threat actor already has permissions or the ability to execute malicious code on the system. The only workaround so far is to disable the service altogether, which would leave you unable to print documents.
Moneycontrol News
first published: Jul 18, 2021 03:31 pm

stay updated

Get Daily News on your Browser
Sections
ISO 27001 - BSI Assurance Mark