NIST's guidance for a Zero Trust Architecture

Recent AD News

Another zero-day vulnerability confirmed by Microsoft

Zero-Day vulnerability

This vulnerability, present in the Windows Print Spooler service, allows local attackers to get access to system privileges.

Microsoft has confirmed another Windows Print Spooler vulnerability, that is being tracked as CVE-2021-36958. This vulnerability, which is a part of the PrintNightmare set of vulnerabilities, allows the local attackers to gain access to system privileges.

Microsoft released an advisory for the vulnerability, saying that there exists a remote code execution vulnerability when the Windows Print Spooler service does not properly perform privileged file operations.

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the advisory says.

Microsoft says that the current workaround for this zero-day vulnerability is to disable the Print Spooler service. Disabling the service was a workaround also to another PrintNightmare vulnerability.

Earlier in March, Microsoft had disclosed a set of 0-day vulnerabilities called Proxylogon vulnerabilities in its on-premise Exchange servers. One of the flaws allowed attackers to bypass the authentication mechanism to gain access to resources in the servers. ManageEngine has a webinar that speaks about preventing and mitigating such 0-day vulnerability exploits. You can watch the webinar recording here.

Related posts
Recent AD News

Attackers use stolen credentials to intrude into the UN network

Recent AD News

CISA and FBI expect ransomware attacks to soar over the Labor Day weekend, issue advisory

Recent AD News

Automate access decisions with risk-based contextual authentication

Recent AD News

2020 recorded the highest number of CVE’s to ever be reported

Leave a Reply

Your email address will not be published. Required fields are marked *