Microsoft made it clear this new vulnerability ( CVE-2021-32527) is similar but distinct from the vulnerability the CVE-2021-1675 flaw that addressed a different vulnerability in RpcAddPrinterDriverEx(). “An attack must involve an authenticated user calling RpcAddPrinterDriverEx(),” the company added. An attacker could then install programs view, change, or delete data or create new accounts with full user rights,” according to Redmond's advisory. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. In a pre-patch advisory issued late Thursday, Microsoft said a reliable exploit could be launched remotely to take full control of unpatched machines. Microsoft’s own misdiagnosis of a Print Spooler flaw that was just patched in June this year also added to the confusion. Microsoft’s confirmation of a new, unpatched Windows Print Spooler bug comes days after researchers noticed that published proof-of-concept code for a different vulnerability was reliably exploiting fully patched Windows machines. Microsoft late Thursday acknowledged a severe security vulnerability in the Print Spooler utility that ships by default on Windows and warned that the bug exposes users to computer takeover attacks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |