Geeks for your information
Microsoft Warns: Another Unpatched PrintNightmare Zero-Day - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Microsoft Warns: Another Unpatched PrintNightmare Zero-Day (/showthread.php?tid=15848)



Microsoft Warns: Another Unpatched PrintNightmare Zero-Day - silversurfer - 12 August 21

Quote:One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution (RCE) vulnerability in the Windows Print Spooler.
 
The zero-day bug, tracked as CVE-2021-36958, carries a CVSS vulnerability-severity scale rating of 7.3, meaning that it’s rated as “important.” Microsoft said that it allows for a local attack vector requiring user interaction, but that the attack complexity is low, with few privileges required.

“A remote code-execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” the computing giant explained in its Wednesday advisory. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights.”

Read more: Microsoft Warns: Another Unpatched PrintNightmare Zero-Day