On June 8, 2021, Microsoft released patches, including one for CVE-2021-1675. CVE-2021-1675 is a remote code execution vulnerability in the Windows print spooler. An unauthenticated remote attacker who successfully exploits this vulnerability can run arbitrary code with SYSTEM privileges on a domain controller and take over the entire domain. We recommend that you install the patch for this vulnerability at your earliest convenience and take measures against security risks.

Detected vulnerability

  • Vulnerability number: CVE-2021-1675
  • Vulnerability severity: critical
  • Affected versions:
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • Windows Server, version 2004 (Server Core installation)
    • Windows Server, version 1909 (Server Core installation)

Details

The print spooler is a Windows service that manages print-related transactions. In a domain environment, an unauthenticated remote attacker can exploit CVE-2021-1675 without interaction to run arbitrary code with SYSTEM privileges on the domain controller and take over the entire domain.

Security suggestions

Install the patch for CVE-2021-1675 at your earliest convenience.

Solutions

Go to the official Microsoft website to download the patch that corresponds to your Windows version. For more information, see CVE-2021-1675.
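
To see whether a server still needs the patch, the following added example (not part of the original advisory and not Microsoft or Alibaba Cloud code) reports whether the host is a domain controller, whether the Print Spooler service is running, and whether any update has been installed since the June 8, 2021 release date. The function name Get-SpoolerExposure is hypothetical, and the date comparison is an assumption that gives an indicator only, because the advisory does not list KB numbers; confirm the exact KB for your Windows version on the Microsoft page.

```powershell
# Added example: local exposure check for CVE-2021-1675 (not from the advisory).
# Assumption: an update installed on or after the patch release date is only an
# indicator. Confirm the exact KB for your OS version in the Microsoft advisory.
$PatchReleaseDate = [datetime]'2021-06-08'

function Get-SpoolerExposure {
    # OS details; ProductType 2 means the host is a domain controller.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # The print spooler runs as the Windows service named "Spooler".
    $spooler = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # Get-HotFix can return entries without an InstalledOn date; ignore those.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object -Property InstalledOn -Descending |
        Select-Object -First 1

    $updatedSinceRelease = [bool]($latest -and $latest.InstalledOn -ge $PatchReleaseDate)

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        OS                  = $os.Caption
        IsDomainController  = ($os.ProductType -eq 2)
        SpoolerState        = if ($spooler) { $spooler.State } else { 'NotInstalled' }
        SpoolerStartMode    = if ($spooler) { $spooler.StartMode } else { 'n/a' }
        LatestHotFix        = if ($latest) { $latest.HotFixID } else { 'none' }
        LatestHotFixDate    = if ($latest) { $latest.InstalledOn } else { $null }
        UpdatedSinceRelease = $updatedSinceRelease
    }
}

$result = Get-SpoolerExposure
$result | Format-List

# Flag the combination the advisory is concerned with: spooler active, no recent update.
if ($result.SpoolerState -eq 'Running' -and -not $result.UpdatedSinceRelease) {
    Write-Warning 'Print Spooler is running and no update dated on or after 2021-06-08 was found.'
}
```

Run it in an elevated PowerShell session on each affected server, starting with domain controllers.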

If you have any questions or feedback, submit a ticket to contact Alibaba Cloud.

Announcing party

Alibaba Cloud Computing Co., Ltd.