New Windows print spooler zero day exploitable via remote print servers
Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker’s control and the ‘Queue-Specific Files’ feature.
Last month, a security researcher accidentally revealed a zero-day Windows print spooler vulnerability known as PrintNightmare that Microsoft tracks as CVE-2021-34527.
Exploiting this vulnerability lets a threat actor increase privileges on a machine or execute code remotely.
Microsoft released a security update to fix the vulnerability but researchers determined that the patch could be bypassed under certain conditions.
Since the incomplete fix, security researchers have been heavily scrutinizing the Windows printing APIs and have found further vulnerabilities affecting the Windows print spooler.
Source: BleepingComputers