Microsoft issued a new security warning about the unpatched Windows Print Spooler Elevation of privilege vulnerability that allows attackers to execute an arbitrary code with the system privileges’.
“The print spooler service is a service that is running on each computer that participates in the Print Services system. The print spooler service implements the print client and print server roles, by enabling each participating system to act as a print client, administrative client, or print server for the Print Services system.”
The Vulnerability found existing in the Print Spooler service allows attackers to perform a local elevation of privilege.
Once the attackers successfully exploited this vulnerability, they could install the malicious programs, modify, change and delete the data, which also allows attackers to create new user accounts.
In order to exploit the vulnerability, an attacker needs to execute the code on a victim system, and it is a local privilege escalation vulnerability and tracked as CVE-2021-34481.
According to Microsoft report “An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. “
Microsoft published a work around for this vulnerability to secure the system from this vulnerability.
“We will update this CVE when we complete our investigation. If you wish to be notified when updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.” Microsoft said.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively…
Researchers have identified a new backdoor malware, written in Go programming language, that leverages Telegram…
A recently discovered Python script has been flagged as a potential cybersecurity threat due to…
A website launched by Elon Musk's Department of Government Efficiency (DOGE) has been found to…
The notorious Lazarus Group, a North Korean Advanced Persistent Threat (APT) group, has been linked…
Job seekers have become the target of a sophisticated ransomware campaign in a recent cybersecurity…