On July 1, 2021, Microsoft issued an alert for the Windows Print Spooler remote code execution vulnerability (CVE-2021-34527). Attackers who have exploited this vulnerability can execute arbitrary code with SYSTEM privileges. We recommend that you patch this vulnerability at your earliest convenience and take measures against security risks.
Detected vulnerability
- Vulnerability ID: CVE-2021-34527
- Vulnerability severity: critical
- Affected versions:
  - Windows Server 2019
  - Windows Server 2016
  - Windows Server 2012 R2
  - Windows Server 2008 R2
  - Windows Server, version 2004 (Server Core installation)
  - Windows Server, version 1909 (Server Core installation)
Details
In June 2021, Microsoft released patches to fix the Windows Print Spooler remote code execution vulnerability (CVE-2021-1675). The Windows Print Spooler remote code execution vulnerability described here (CVE-2021-34527) is similar to but distinct from the vulnerability that is assigned CVE-2021-1675. A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attack must involve an authenticated user calling RpcAddPrinterDriverEx().
Attackers who successfully exploit this vulnerability can execute arbitrary code with SYSTEM privileges. They can then install programs; view, change, or delete data; or create new accounts with full user permissions.
Security suggestions
Install the patch for the CVE-2021-34527 vulnerability at your earliest convenience.
Solutions
Go to the official Microsoft website to download the corresponding patch. For more information, visit CVE-2021-34527.
Announcing party
Alibaba Cloud Computing Co., Ltd.