As it works on a permanent fix, Microsoft has published two mitigation methods to help tackle a serious vulnerability currently being exploited in the wild.
As reported by Bleeping Computer, the vulnerability, tracked as CVE-2021-34527, is a Windows Print Spooler zero-day bug known as PrintNightmare.
The flaw can be abused to seize control of affected servers via remote code execution, allowing attackers to install programs, fiddle with data and create accounts with elevated privileges.
The two mitigation methods include disabling the Print Spooler service, essentially disabling printing capability both locally and remotely, and disabling inbound remote printing via Group Policy, which blocks inbound remote printing.
For the second workaround, Microsoft says "the system will no longer function as a print server, but local printing to a directly attached device will still be possible".
Apparently, the flaw is being actively exploited in the wild, but Microsoft did not say whether malicious actors or white had hackers were responsible. All versions of Windows are affected by the CVE, although it’s still unclear if malicious actors could exploit it on all versions.
The US Cybersecurity & Infrastructure Security Agency (CISA) has also recently suggested administrators disable the Windows Print Spooler service on servers not being used for printing.
- These are the best antivirus software around