Microsoft Confirms Another Print Spooler Vulnerability GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Internet & Security

Microsoft Confirms Another Print Spooler Vulnerability

Spool on the roof must have a leak

By Rob Rich Rob Rich News Reporter College for Creative Studies Rob is a freelance tech reporter with experience writing for a variety of outlets, including IGN, Unwinnable, 148Apps, Gamezebo, Pocket Gamer, Fanbolt, Zam, and more. lifewire's editorial guidelines Updated on August 12, 2021 02:32PM EDT Fact checked by Rich Scherr Fact checked by Rich Scherr University of Maryland Baltimore County Rich Scherr is a seasoned technology and financial journalist who spent nearly two decades as the editor of Potomac and Bay Area Tech Wire. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming Microsoft has confirmed yet another zero-day bug vulnerability tied to its Print Spooler utility, despite recently released spooler security fixes. Not to be confused with the initial PrintNightmare vulnerability, or the other recent Print Spooler exploit, this new bug would allow a local attacker to gain system privileges. Microsoft is still investigating the bug, referred to as CVE-2021-36958, so it has not yet been able to verify which Windows versions are affected . It also hasn't announced when it will release a security update, but states that solutions are typically released monthly. Geber86 / Getty Images According to BleepingComputer, the reason Microsoft's recent security updates don't help is because of an oversight regarding administrator privileges. The exploit involves copying a file that opens a command prompt and a print driver, and admin privileges are needed to install a new print driver. However, the new updates only require admin privileges for driver installation—if the driver is already installed there is no such requirement. If the driver is already installed on a client computer, an attacker would simply need to connect to a remote printer to gain full system access. Tatomm / Getty Images As with previous Print Spooler exploits, Microsoft recommends disabling the service entirely (if it's "appropriate" for your environment). While this would close the vulnerability, it also would disable the ability to print remotely and locally. Instead of preventing yourself from being able to print entirely, BleepingComputer suggests only allowing your system to install printers from servers you personally authorize. It notes, however, that this method isn't perfect, as attackers could still install the malicious drivers on an authorized server. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Patch Tuesday (Most Recent: October 11, 2022) How to Cancel a Print Job What Is a Service? (Definition of a Windows Service) Windows Update (What It Is and How to Use It) What Is an Intrusion Prevention System (IPS)? How to Fix Printer Spooler Errors in Windows 10 How to Disable Remote Assistance and Desktop in Windows XP How to Fix Printer Spooler Errors in Windows 11 How to Restart the Print Spooler in Windows 10 How to Update Your Logitech Unifying Receiver What Is a Device Driver? The 6 Best Free Malware Removal Tools of 2022 Hidden Android Administrator Apps Browser Hijackers: What They Are and How to Protect Yourself From Them What Is a Patch? (Patch / Hotfix Definition) How to Change the Administrator Name in Windows 10 Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies