Microsoft says the new flaw would allow attacks to run malicious code even with limited system privileges. The malware could elevate privileges to gain complete control and Windows system access. It is worth noting the print spooler is on all versions of Windows, not just Windows 10. In its notes, Microsoft points out an “attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” Just like with the first – not yet entirely resolved – Windows print spooler vulnerability, Microsoft advises customers to disable Windows print spooler. If you are unsure how to disable services in Windows, check out our tutorial for stopping, starting, and disabling Windows services. Microsoft is tracking the new vulnerability as CVE-2021-34481. It was first disclosed to the company by cybersecurity research firm Drago. No patch for this problem is ready yet, but considering Microsoft’s previous failed patches, we prefer the company roll out an actual working fix this time.
How the Nightmare Started
PrintNightmare started as From an exploit PoC accidentally leaking online last month, to Microsoft later issuing an emergency out of band patch. PrintNightmare was spotted by security researchers at Sangfor, the flaw became active when the group accidentally released the proof-of-concept (PoC). This gave attackers the knowledge of how to exploit the flaw, meaning they could conduct remote execution code attacks to gain system-level privileges. Print Spooler is a service on Windows that runs by default. It is also an older component of the platform, which means all Windows versions are affected. Tip of the day: If your PC keeps connecting to the wrong WiFi network, you can set WiFi priority to avoid the need to manually select access points over and over again