Knowlege base

CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability

Article ID: 859
Last updated: 19 Jul, 2021
Applies from Application Suite 201x (any version)
to version Application Suite 201x (any version)

Description

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Cause

Microsoft Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Solution

Option 1 - Windows Updates
KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates.

Option 2 - Disable inbound remote printing through Group Policy

1) Stop Digital Fax from UCSuite Web page

2) Open a command prompt 

3) Execute this command

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers" /f /v RegisterSpoolerRemoteRpcEndPoint /t REG_DWORD /d 2

4) Restart the Print Spooler service
5) Start Digital Fax from UCSuite Web page
 

Article ID: 859
Last updated: 19 Jul, 2021
Revision: 3
Views: 163
Print Export to PDF Subscribe Share
This article was:  
Prev   Next
How to bind the Digital Fax service to a specific IP and/or port     How to Remove Spurious prefix in Subject field