===========================================================================
AUSCERT Security Bulletin

ASB-2021.0174.2
Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-36958
15 September 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Microsoft Print Spooler
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-36958
Reference:         ASB-2021.0136.2

Revision History:  September 15 2021: Microsoft has released a patch to
                                      address this vulnerability
                   August 13 2021:    Initial Release

OVERVIEW

Microsoft has released an out-of-band update to address a Windows Print
Spooler Remote Code Execution Vulnerability.

Microsoft has assigned CVE-2021-36958 to this vulnerability. [1]

IMPACT

Microsoft has stated the following:

"A remote code execution vulnerability exists when the Windows Print
Spooler service improperly performs privileged file operations. An
attacker who successfully exploited this vulnerability could run
arbitrary code with SYSTEM privileges. An attacker could then install
programs; view, change, or delete data; or create new accounts with full
user rights.

The workaround for this vulnerability is stopping and disabling the
Print Spooler service." [1]

--------------------UPDATE 14/09/2021--------------------

Microsoft has released a patch to address this vulnerability as part of
the September 2021 patch cycle. [1]

MITIGATION

The workaround for this vulnerability is stopping and disabling the
Print Spooler service. [1]

"Determine if the Print Spooler service is running

Run the following in Windows PowerShell:

    Get-Service -Name Spooler

If the Print Spooler is running or if the service is not disabled,
follow these steps:

Stop and disable the Print Spooler service

If stopping and disabling the Print Spooler service is appropriate for
your environment, run the following in Windows PowerShell:

    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled

Impact of workaround

Stopping and disabling the Print Spooler service disables the ability to
print both locally and remotely." [1]

--------------------UPDATE 14/09/2021--------------------

Microsoft has released a patch to address this vulnerability as part of
the September 2021 patch cycle. [1]

REFERENCES

[1] Windows Print Spooler Remote Code Execution Vulnerability
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the
information described is the responsibility of each user or
organisation. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user
or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
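The check-then-apply logic of the workaround quoted under MITIGATION, written as one idempotent PowerShell function that also verifies the end state. This is an added example, not part of the AusCERT bulletin or Microsoft's guidance; the function name `Disable-PrintSpoolerWorkaround` and the fields of the object it returns are hypothetical, and it assumes Windows PowerShell 5.1 or later (for the `StartType` property) in an elevated session.

```powershell
# Added example. Function name and output fields are hypothetical.
# Uses only the cmdlets quoted in the bulletin:
# Get-Service, Stop-Service, Set-Service.
function Disable-PrintSpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Step 1 of the bulletin: determine the current state of the service.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    $statusBefore    = $svc.Status
    $startTypeBefore = $svc.StartType

    # Bulletin condition: act if the service is running OR is not disabled.
    # Each change is guarded so the function is safe to re-run and honours -WhatIf.
    if ($statusBefore -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
    }
    if ($startTypeBefore -ne 'Disabled' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the service rather than trusting the cmdlets' lack of errors:
    # the workaround only holds if the service is both stopped and disabled.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        StatusBefore      = $statusBefore
        StartTypeBefore   = $startTypeBefore
        StatusAfter       = $svc.Status
        StartTypeAfter    = $svc.StartType
        WorkaroundInPlace = ($svc.Status -eq 'Stopped' -and
                             $svc.StartType -eq 'Disabled')
    }
}

# Preview the changes without applying them:
#   Disable-PrintSpoolerWorkaround -WhatIf
# Apply and report:
#   Disable-PrintSpoolerWorkaround | Format-List
```

A host that reports `WorkaroundInPlace` as `False` after a real run still has the Print Spooler available, for example because the service was restarted or re-enabled between the change and the check.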