On July 1, 2021, Microsoft issued an alert for the Windows Print Spooler remote code execution vulnerability (CVE-2021-34527). Attackers who have exploited this vulnerability can execute arbitrary code with SYSTEM privileges. We recommend that you patch this vulnerability at your earliest convenience and take measures against security risks.

Detected vulnerability

  • Vulnerability ID: CVE-2021-34527
  • Vulnerability severity: critical
  • Affected versions:
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • Windows Server, version 2004 (Server Core installation)
    • Windows Server, version 1909 (Server Core installation)

Details

In June 2021, Microsoft released patches for fixing the Windows Print Spooler remote code execution vulnerability (CVE-2021-1675). This Windows Print Spooler remote code execution vulnerability (CVE-2021-34527) is similar but distinct from the vulnerability that is assigned CVE-2021-1675. A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations, and attackers can attack authenticated users who must call RpcAddPrinterDriverEx().

Attackers who have exploited this vulnerability can execute arbitrary code with SYSTEM privileges. Then, the attackers can install programs, view, change, or delete data, or create new accounts with full user permissions.

Security suggestions

Install the patch for the CVE-2021-34527 vulnerability at your earliest convenience.

Solutions

Go to the Microsoft official website to download the corresponding patch. For more information, visit CVE 2021 34527.

If you have any questions or feedback, submit a ticket to contact Alibaba Cloud.

Announcing party

Alibaba Cloud Computing Co., Ltd.