Microsoft has once again issued a warning advising users to disable Windows print spooler in what appears to be the third serious Windows 10 print flaw in just five weeks. It looks like a new Windows print service vulnerability CVE-2021-34481 has now been discovered. If exploited, it could allow hackers to execute malicious code on machines. At the time of writing this, Microsoft has not released a patch fixing this flaw.
How serious is CVE-2021-34481 DevilsTongue vulnerability?
DevilsTongue vulnerability can be pretty serious since an attacker could install malicious programs with SYSTEM privileges. Meaning, hackers who successfully exploited this flaw could view, change, or delete user data or create new accounts with SYSTEM privileges (full user rights). Disclosing this vulnerability, Microsoft had this to say:
“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges,” Microsoft said.
This type of attack can only be successful if the hacker can find ways to execute code on a victim machine. There’s no denying that Microsoft will fix this vulnerability in due course. But as of now, all you can do to stop this vulnerability is disable the Print Spooler service.
Previously, Microsoft addressed two similar Windows Print Service PrintNightmare vulnerabilitiy CVE-2021-1675 and CVE-2021-34527. This newly discovered flaw also exists in the Print Spooler service, the company has acknowledged. According to Microsoft, the vulnerability existed before the July 13, 2021 security update.
“We are developing a security update [for this vulnerability]. All security updates are tested to ensure quality prior to release. Solutions to verified security issues are normally released via our monthly Update Tuesday cadence,” Microsoft added.
How to know if the Print Spooler service is running
Make sure to run the following command in Windows PowerShell:
Get-Service -Name Spooler
How to disable the Print Spooler service
If you want to disable the Print Spooler service, you can follow these steps:
Run the following commands in Windows PowerShell:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
It should be noted that once you’ve disabled the Print Spooler service, you can’t possibly print either locally or remotely.
