UPDATE: Threat Response: Vulnerability in Microsoft Windows

07-07-2021


Last Wednesday, June 30, we informed you about vulnerabilities in the Print Spooler service on Microsoft Windows. The vulnerability has now been assigned a new CVE, and patches are available for a limited set of systems.


Description

On June 8, 2021, Microsoft released a patch [1] for a vulnerability in the Print Spooler service on Windows. In the Threat Response of June 30, we informed you that this patch did not work because a vulnerability still existed in the Print Spooler service. This turned out to be a different vulnerability from the one the patch was intended for. Microsoft has assigned this new vulnerability a new CVE number (CVE-2021-34527) and made an update available for a limited number of Windows versions, including Windows 7 [2]. Warning! Updates are not yet available for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016.

What should you do?

Microsoft has addressed the vulnerability in security updates released on July 6 [2]. Northwave strongly recommends installing these as soon as possible. For systems for which no update is available yet, the advice remains to disable the Print Spooler service or disable inbound remote printing via Group Policies until a patch is available. For more details see the Workarounds section on the Microsoft page for CVE-2021-34527 [2].
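The two workarounds named above can be audited and applied per host with a script like the following. It is an added example, not Northwave's or Microsoft's code; the `-Mode` parameter and the function name are hypothetical, and the registry value is the one behind the "Allow Print Spooler to accept client connections" policy, which this page does not spell out.

```powershell
# Added example (not Northwave or Microsoft code). Run elevated on the affected host.
# Assumes Windows PowerShell 5.1 or later (for the StartType property).
[CmdletBinding(SupportsShouldProcess)]
param(
    # Audit only reports. DisableSpooler stops all printing on this host.
    # BlockRemotePrinting keeps local printing but the host stops acting as a print server.
    [ValidateSet('Audit', 'DisableSpooler', 'BlockRemotePrinting')]
    [string]$Mode = 'Audit'
)

# Registry value behind the "Allow Print Spooler to accept client connections" policy.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'   # 1 = accept, 2 = refuse

function Get-SpoolerExposure {
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $policy = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
    $remote = if ($policy -eq 2) { 'Refuse' } elseif ($policy -eq 1) { 'Accept' } else { 'NotConfigured' }
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        ServiceStatus        = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        StartType            = if ($svc) { "$($svc.StartType)" } else { '' }
        RemotePrintingPolicy = $remote
    }
}

switch ($Mode) {
    'DisableSpooler' {
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
            Stop-Service -Name Spooler -Force
            Set-Service  -Name Spooler -StartupType Disabled
        }
    }
    'BlockRemotePrinting' {
        if ($PSCmdlet.ShouldProcess($PolicyKey, "Set $PolicyName to 2")) {
            # Create the key only if missing, so existing printer policies are kept.
            if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
            New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -PropertyType DWord -Force | Out-Null
            # The spooler reads the policy at start-up.
            Restart-Service -Name Spooler -Force
        }
    }
}

Get-SpoolerExposure   # report the resulting state
```

Run it with `-WhatIf` first to see what would change. On domain-joined systems, set the policy through Group Policy rather than the local registry, since a local edit can be overwritten at the next policy refresh.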

What will Northwave do?

For Northwave SOC customers using Endpoint Monitoring based on ESET or Defender, Northwave is able to detect exploitation attempts.

Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. If you need additional information, you can call us or send us an email.

E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85 043 7909 or 0800-1744 (only from within the Netherlands)

Disclaimer applies, see below.

Sources

[1]: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675

[2]: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

 

Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.