Service Notices
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-1675)
Jul 01, 2021 GMT+08:00
I. Overview
Security researchers have disclosed a remote code execution vulnerability in Windows Print Spooler (CVE-2021-1675). An attacker can exploit this vulnerability to bypass the authentication of RpcAddPrinterDriver and install a malicious driver on the print server. If the user account controlled by the attacker is in a domain, the attacker can connect to the Spooler service on a domain controller (DC) and exploit this vulnerability to install a malicious driver on the DC and take control of the entire domain. A proof of concept (PoC) for this vulnerability has been made public, so the risk is high.
Windows Print Spooler is the Windows service that processes print jobs in the background and is widely used in intranets. If you are a Windows Print Spooler user, check your system and implement timely security hardening.
Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Affected versions:
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server, version 2004 (Server Core installation)
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
IV. Security Recommendations
1. Microsoft released a patch in its monthly update at the beginning of June. Affected users can install it automatically through Windows Update or download it manually. The patch download address is as follows:
https://msrc.microsoft.com/update-guide
2. If the patch cannot be installed in a timely manner, disable the Print Spooler service as a temporary workaround.
Open the Services console (services.msc), find the Print Spooler service, stop it, and set Startup Type to Disabled.
3. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
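The workaround in recommendation 2 can also be scripted in PowerShell. The following is an added example, not part of the original notice; the function names Get-SpoolerState and Disable-Spooler are made up for illustration, and an elevated session with PowerShell 3.0 or later is assumed.

```powershell
# Added example: stop and disable the Print Spooler service (service name "Spooler").
# Assumes an elevated session and PowerShell 3.0 or later (for Get-CimInstance).

# Hypothetical helper: report the current state of the Spooler service.
function Get-SpoolerState {
    $s = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $s.State       # Running / Stopped
        StartMode = $s.StartMode   # Auto / Manual / Disabled
    }
}

# Hypothetical helper: apply the workaround and return the state afterwards.
function Disable-Spooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $before = Get-SpoolerState
    if ($before.State -eq 'Stopped' -and $before.StartMode -eq 'Disabled') {
        Write-Verbose 'Print Spooler is already stopped and disabled.'
        return $before
    }

    if ($PSCmdlet.ShouldProcess($before.Computer, 'Stop and disable Print Spooler')) {
        # -Force also stops services that depend on the Spooler.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        # Disabled start-up type keeps the service from starting again at boot.
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Re-query so the caller can confirm the change took effect.
    Get-SpoolerState
}

Get-SpoolerState            # audit only: shows State and StartMode
Disable-Spooler -Verbose    # add -WhatIf to preview without changing anything
```

While the service is disabled, the machine can neither print nor act as a print server. After the patch is installed, set the start-up type back to Automatic and start the service again.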