Facepalm: Microsoft is once again advising its customers to disable the Windows Print Spooler, after a new vulnerability emerged that allows hackers to execute malicious code on machines. While a patch that fixes the flaw will be released in due course, the most effective workaround currently on the table is to stop and disable the spooler service entirely.
This is the third Print Spooler vulnerability to emerge in just five weeks. A critical flaw was originally identified and corrected in June; a similar flaw, named PrintNightmare, came out shortly after and was subsequently patched (with mixed success).
The emergence of this new vulnerability is frustrating news for Microsoft and its users.
Microsoft has warned customers online about the new Print Spooler vulnerability, writing: “An elevation of privilege vulnerability exists when the Windows Print Spooler service incorrectly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could install programs; view, change or delete data; or create new accounts with all user rights.”
This is very important!
If you have the “Print Spooler” service enabled (which is the default), any remote authenticated user can run code as SYSTEM on the domain controller.
– Will Dormann (@wdormann) June 30, 2021
The bottom line for keeping your computer safe is to stop and disable the Print Spooler service entirely if it is running; Microsoft spells out online how to do it. While a patch for this vulnerability will be released in due course, there is currently no timeline available.
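
One way to apply and verify the stop-and-disable workaround described above, as an added PowerShell example that is not taken from the article or from Microsoft's advisory. The function name `Set-SpoolerWorkaround` is hypothetical; `Spooler` is the service name of the Windows Print Spooler.

```powershell
# Added example: audit the Print Spooler service and, on request, apply the
# stop-and-disable workaround. The function name is hypothetical.
# Reporting works in any session; -Disable needs an elevated session.
function Set-SpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Disable   # without this switch the function only reports
    )

    # Win32_Service exposes both the run state and the start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        Write-Warning 'Print Spooler service not found on this machine.'
        return
    }

    if ($Disable) {
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
            # Stop the running service, then keep it from starting at boot.
            # Side effect: local and remote printing stop working on this host.
            Stop-Service -Name Spooler -Force -ErrorAction Stop
            Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop
        }
        # Re-read so the report reflects the state after the change.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
        Mitigated = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
    }
}

# Report only:
Set-SpoolerWorkaround

# Preview, then apply the workaround:
# Set-SpoolerWorkaround -Disable -WhatIf
# Set-SpoolerWorkaround -Disable
```

`Mitigated` is true only when the service is both stopped and disabled, so a spooler that was stopped by hand but is still set to start automatically shows up as unmitigated.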