Vulnerability in the Windows Print Spooler Service
Chris Watkins
Head of Security
02/07/2021

We’ve been made aware of a new remote code execution vulnerability in the Windows Print Spooler Service, which is currently unpatched. This affects Windows 7 along with the Windows Server platform.

This vulnerability could allow a remote attacker with network access to obtain complete control over a vulnerable system.

There are reports that proof-of-concept code exploiting a vulnerability in the Windows Print Spooler Service has been leaked into the wild. It would allow an attacker to bypass the authentication of RpcAddPrinterDriver and install a malicious driver to gain remote code execution.

The immediate advice we can provide as a result is:

  • There is currently no patch or remediation from Microsoft. There were some initial reports suggesting it would be patched in the June 2021 monthly update, but Microsoft have since confirmed this is not the case.
  • As a temporary measure and last resort, disable the Spooler Service. However, this will remove the ability to print, so it may impact business operations.
    • Customers can immediately reduce their risk by disabling the service on systems (such as servers) that do not use the print spooler service.
  • Deploy Endpoint Detection & Response (EDR, for example Carbon Black) and NextGen AntiVirus (AV) technologies throughout your environment to help monitor suspicious activity.
  • Ensure phishing awareness training is provided to all staff, to prevent unauthorised access and the exploit tooling being deployed remotely via phishing campaigns.
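The following PowerShell is an added example for the "disable the Spooler Service where it is not needed" step above; it is not from this advisory or from Microsoft. It assumes PowerShell remoting (WinRM) is enabled on the target hosts, that the caller has local administrator rights on them, and that a host sharing at least one printer is acting as a print server and should be skipped rather than silently disabled. The host names in the usage line are placeholders.

```powershell
# Added example (not part of the Ultima advisory): for each host, report the
# Spooler service state, skip hosts that share printers (print servers), and
# stop and disable the service everywhere else. Supports -WhatIf for a dry run.
# Assumptions: WinRM enabled on targets, caller is a local administrator.

function Disable-SpoolerIfUnused {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName
    )

    foreach ($computer in $ComputerName) {
        # Gather service state and shared-printer count from the remote host
        $info = Invoke-Command -ComputerName $computer -ScriptBlock {
            $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
            if (-not $svc) {
                return [pscustomobject]@{ Host = $env:COMPUTERNAME; Present = $false }
            }
            # Win32_Service.StartMode works on older hosts that lack Get-Service.StartType
            $mode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'").StartMode
            # A host that shares printers is a print server; leave it for manual review
            $shared = @(Get-CimInstance -ClassName Win32_Printer | Where-Object { $_.Shared }).Count
            [pscustomobject]@{
                Host      = $env:COMPUTERNAME
                Present   = $true
                Status    = $svc.Status.ToString()
                StartMode = $mode
                Shared    = $shared
            }
        }

        if (-not $info.Present) {
            Write-Output "$($info.Host): Spooler service not installed, nothing to do"
            continue
        }
        if ($info.Shared -gt 0) {
            Write-Warning "$($info.Host): shares $($info.Shared) printer(s); skipping (disable only as a last resort)"
            continue
        }
        if ($info.StartMode -eq 'Disabled' -and $info.Status -eq 'Stopped') {
            Write-Output "$($info.Host): Spooler already stopped and disabled"
            continue
        }

        if ($PSCmdlet.ShouldProcess($info.Host, 'Stop and disable the Spooler service')) {
            Invoke-Command -ComputerName $computer -ScriptBlock {
                Stop-Service -Name Spooler -Force
                Set-Service -Name Spooler -StartupType Disabled
            }
            # Re-read the state so the change is confirmed, not assumed
            $after = Invoke-Command -ComputerName $computer -ScriptBlock {
                (Get-Service -Name Spooler).Status.ToString()
            }
            Write-Output "$($info.Host): Spooler now $after and set to Disabled"
        }
    }
}

# Usage with placeholder host names: preview first, then run without -WhatIf
Disable-SpoolerIfUnused -ComputerName 'SRV-APP01', 'SRV-DB01' -WhatIf
```

Run it with -WhatIf first so the only output is the list of hosts that would be changed; hosts that share printers are reported and left running so that the business impact noted above is a deliberate decision rather than a side effect of the script.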

Related Resources: CVE-2021-1675 - Security Update Guide - Microsoft - Windows Print Spooler Remote Code Execution Vulnerability

If you would like to learn more about deploying Endpoint solutions, read our HP Wolf Security blog to discover a newly integrated portfolio of secure by design PCs and printers.

As a leading Security partner working in partnership with Microsoft, Cisco, HP, RedScan, CloudGuard, Mimecast and more, Ultima are best placed to secure your endpoints and infrastructure. Why not check out our solutions here?
