Microsoft Windows users alert! New flaw lets hackers control system functions

In a recent statement, the company stated, “Microsoft is aware of and investigating a remote code execution vulnerability that affects Windows Print Spooler and has assigned CVE-2021-34527 to this vulnerability. This is an evolving situation and we will update the CVE as more information is available.”

Microsoft claims that a remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.

With the use of this vulnerability in the Windows operating system, cybercriminals could run arbitrary code with System privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft has confirmed that all versions of Windows contain the vulnerable code and are vulnerable. However, there are certain conditions that need to be met on the system to enable exploitation.

In order to prevent your system from being victim to cybercriminals who plan to use this new vulnerability, Microsoft claims users should apply the security updates released on June 8, 2021.

Further, to work around the vulnerability, users can disable Print Spooler. However, disabling the Print Spooler service disables the ability to print both locally and remotely.

The second option is to disable inbound remote printing through Group Policy. This can be done by going to Computer Configuration / Administrative Templates / Printers and then disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.

This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.