Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0136.2 Windows Print Spooler Elevation of Privilege Vulnerability 13 August 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Print Spooler Operating System: Windows Impact/Access: Increased Privileges -- Existing Account Resolution: Mitigation CVE Names: CVE-2021-34481 Reference: ASB-2021.0123.4 Revision History: August 13 2021: Microsoft updated advisory with security update details July 16 2021: Initial Release OVERVIEW Microsoft has released an out-of-band critical update to address a Windows Print Spooler Elevation of Privilege Vulnerability. Microsoft has assigned CVE-2021-34481 to this vulnerability. [1] IMPACT Microsoft has stated the following: "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute code on a victim system to exploit this vulnerability." [1] MITIGATION The workaround for this vulnerability is stopping and disabling the Print Spooler service. [1] "Determine if the Print Spooler service is running Run the following in Windows PowerShell: Get-Service -Name Spooler If the Print Spooler is running or if the service is not disabled, follow these steps: Stop and disable the Print Spooler service If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell: Stop-Service -Name Spooler -Force Set-Service -Name Spooler -StartupType Disabled Impact of workaround Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely." [1] ========UPDATE 13/08/2021========= Microsoft updated advisory on August 10, 2021 to announce it is releasing security updates for all affected versions of Windows to address this vulnerability. [1] REFERENCES [1] Windows Print Spooler Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYRYE4+NLKJtyKPYoAQhJbA/+OgegG3q6aWtTsMZdD8yT+64TvYT5OB7+ dIX90QGM2AQVYUdrmhB6Y0xPX2/IFEsHDEBv3VXHpWckfdM88tSVAPAocUL6CeJZ bxTFAT0njAf+5jZiBK4oZMpVK43UXLQ6/nXRvPp5iPprgoRPDbygYH0AD8rAB9a8 SDvY8EuKBRtmPAETI+0VKWhitADVJEBmY7AE0pK9/JmpkXiV0XF+KYiZSkAqA8mo 7KRRP8hykp4QHBYMIdEl7+tSUUmesjIPPJJXkh5xztE4SVmT6z9Nuw03IWObICVs s30mlouDUuDCH+F8ySK/4ThT/eGlG60VZKjU/hAQY1Ood57cw2xH/6xDbDuzQ5rx JteCmMw/q+rrAJppQTWx2mff8xLwHJVJ5Rj9tL7kJYPAnMEv1x+iMpv+I7oANdUi zyPUeo2yWqGZdK2zLAYyO58d3ttonEE6+a9o6CHTkbdJg3Y58K5KbRJvX9oE+Nqv mGr/ERd7gXPgKJsA8IoRtatuHM31E6bFrrOBg2SOSbEMJxnKLX0Y21jajcADLi3O KpQfxXHZgRSkCbQ42oJzswXwS9bpTHafmRiGHCSDFL35cPIcxeBK8xF2V8lpXJj9 UWW2Su9ULorRrv+pIFKw1ptot6omOMstIW3MxZFbX2C6KW4v/J/0t8UzXXErAouL Gy34xAbMAa4= =QBUA -----END PGP SIGNATURE-----