Submitted by Information Security
The critical Windows Print Spooler vulnerability could open the door to a complete system takeover by remote adversaries. If adversaries gain limited user access to a network and successfully exploit this vulnerability, they could remotely run code with SYSTEM privileges to install programs; view, change, or delete data; or create new accounts with full user rights.
Every Microsoft Windows machine (servers and computers) has the Print Spooler feature enabled by default to manage all print jobs sent to the computer's printer or print server.
IMS will be patching the vulnerability and implementing Microsoft’s recommendations to disable Point and Print[1] and require administrative privileges to install print drivers. If you have questions or need to add printers and related drivers, contact the IMS Service Desk at (210) 567-7777 or firstname.lastname@example.org.
Information for users
The best protection for your devices is this: Keep your software and applications up to date, do not click suspicious links in emails, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Suspicious Email, Secure Your Devices, and Secure your Home Computing Environment on the Information Security website.
- PrintNightmare, Critical Windows Print Spooler Vulnerability (US CERT Cybersecurity & Infrastructure Security Agency)
- Microsoft Windows Print Spooler RpcAddPrinterDriverEx() function allows for RCE (CERT Coordination Center, Carnegie Mellon University)
- CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability (Microsoft)
[1] Point and Print is an old Windows feature that lets Windows users set up printers without downloading the printer and configuration files.