Microsoft discloses new print spooler flaw without patch


Microsoft disclosed a new Windows print spooler vulnerability Wednesday, weeks after the PrintNightmare flaw was first revealed, and this one doesn’t have a patch ready.

CVE-2021-36958 is a remote code execution (RCE) vulnerability in Windows print spooler software, which manages a device’s printing jobs, that occurs when the software “improperly performs privileged file operations,” according to Microsoft’s page dedicated to the vulnerability.

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the advisory reads.

Read more…