This vulnerability, present in the Windows Print Spooler service, allows local attackers to get access to system privileges.
Microsoft has confirmed another Windows Print Spooler vulnerability, that is being tracked as CVE-2021-36958. This vulnerability, which is a part of the PrintNightmare set of vulnerabilities, allows the local attackers to gain access to system privileges.
Microsoft released an advisory for the vulnerability, saying that there exists a remote code execution vulnerability when the Windows Print Spooler service does not properly perform privileged file operations.
“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the advisory says.
Microsoft says that the current workaround for this zero-day vulnerability is to disable the Print Spooler service. Disabling the service was a workaround also to another PrintNightmare vulnerability.
Earlier in March, Microsoft had disclosed a set of 0-day vulnerabilities called Proxylogon vulnerabilities in its on-premise Exchange servers. One of the flaws allowed attackers to bypass the authentication mechanism to gain access to resources in the servers. ManageEngine has a webinar that speaks about preventing and mitigating such 0-day vulnerability exploits. You can watch the webinar recording here.