Another Windows Print Spooler Vulnerability (CVE-2021-34481) Acknowledged by Microsoft

Another vulnerability in the Windows Print Spooler service has been discovered, unrelated to the recent PrintNightmare vulnerability (CVE-2021-34527). Tracked as CVE-2021-34481, this vulnerability allows for a local escalation of privilege to SYSTEM-level access on the exploited host. Unlike PrintNightmare before it, this vulnerability is only known to affect systems locally and is not known to be exploitable remotely. Potentially in an effort to ease concerns over installing the July 13th, 2021 patch released to remediate PrintNightmare, Microsoft also stated that CVE-2021-34481 was not introduced through the patch, as it had already existed prior to this date.

Analyst Notes

Although not quite as serious as the recent PrintNightmare vulnerability, Binary Defense still highly recommends that organizations follow a regular patch schedule and apply the eventual patch to remediate CVE-2021-34481. Until a patch is released, Microsoft has listed a workaround that disables the Print Spooler service: run the PowerShell command “Stop-Service -Name Spooler -Force” to stop the service, followed by “Set-Service -Name Spooler -StartupType Disabled” to prevent it from automatically starting at boot. Please keep in mind that following this workaround also disables the ability to print both locally and remotely.
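
The script below is an added example, not code from Microsoft or Binary Defense: it reports whether a host's Spooler service is both stopped and disabled, and only when run with -Apply does it execute the two workaround commands and then re-check the result. The function name Get-SpoolerMitigationState and the -Apply switch are names made up for this example.

```powershell
# Added example (not Microsoft's or Binary Defense's code).
# Audits the Spooler service and, with -Apply, runs the two workaround commands.
# Get-SpoolerMitigationState and -Apply are names made up for this example.
[CmdletBinding()]
param([switch]$Apply)

function Get-SpoolerMitigationState {
    # Win32_Service exposes both the run state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) { return $null }   # service not installed on this host
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        State        = $svc.State       # Running / Stopped / ...
        StartMode    = $svc.StartMode   # Auto / Manual / Disabled
        Mitigated    = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
    }
}

$before = Get-SpoolerMitigationState
if (-not $before) {
    Write-Output 'Spooler service not present; nothing to do.'
    return
}

if ($Apply -and -not $before.Mitigated) {
    # Changing a service requires an elevated session; fail clearly if it is not.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run from an elevated PowerShell session to change the service.' }

    # The two commands from the workaround, in order.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
}

# Re-query so the report reflects the actual end state, not the intent.
$after = Get-SpoolerMitigationState
$after
if (-not $after.Mitigated) {
    Write-Warning 'Spooler is still running or can still start; host is not mitigated.'
}
```

Checking both State and StartMode matters because a service that is stopped but left on Auto or Manual start can run again after a reboot or on demand.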