Attackers exploit Windows Print Spooler

Be Aware! Attackers exploit Windows Print Spooler.

15th July 2021
Pieter Roux

Be aware! Attackers exploit Windows print Spooler. On 1st July 2021, Microsoft confirmed a vulnerability in all versions of Windows. Importantly it gives them potential access to your system to install ransomware, modify your data and create new accounts with full admin rights for future clandestine use.

Read more at Microsoft.

In other words, built into the Microsoft Windows Operating Systems is the Windows Print Spooler software. For this reason, it temporarily stores print jobs in the computer’s memory until the printer is ready to print them. To print, it schedules the order sent to the print queue. In addition, this service is a default in Windows OS.

To explain, if you have a printer connected to your server or any computer on your LAN or WAN the Windows Print Spooler service is running and you are vulnerable!

On 7th July 2021, Windows released an upgrade, CVE 2021 34527, to address this problem. Run the update on all servers and computers on your LAN or WAN.

Now we know attackers exploit Windows Print Spooler. To conclude, CiMSO recommends that you update all your computers by navigating to Windows Update Settings -> Check for Updates and deploy all updates.

CiMSO is a registered Microsoft Partner.