
Alerts

Microsoft Windows Print Spooler RCE vulnerability

Advisory No: TZCERT/SA/2021/07/01

Date of First Release: 01st July 2021

Source: Microsoft

Software Affected: 

  • Microsoft Windows Print Spooler Service

Overview:

A vulnerability exists in the Microsoft Windows Print Spooler service due to a failure to restrict access to the RpcAddPrinterDriverEx() function, which could allow a remote attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.

Description:

The RpcAddPrinterDriverEx() function is used to install a printer driver on a system. This function takes several parameters, e.g. a DRIVER_CONTAINER object (which contains information about the driver to be used by the added printer).

The DRIVER_CONTAINER object is then used within the call to RpcAddPrinterDriverEx() to load the driver. This driver may contain arbitrary code that will be executed with SYSTEM privileges on the victim server. This call can be made by any user who can authenticate to the Spooler service.

Impact:

Successful exploitation of this vulnerability could lead to remote code execution on the affected system.

Solution:

Microsoft has not issued a permanent fix for this vulnerability. Users and administrators are advised to apply the following workaround:

  • Stop and disable the Print Spooler service

On Windows cmd:

 net stop spooler

On PowerShell:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled
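
The workaround above as a single PowerShell function that is safe to re-run and that verifies the result. This is an added example, not part of the original advisory; the function name Disable-PrintSpooler and the output field names are assumptions chosen for the example.

```powershell
# Added example: apply and verify the Print Spooler workaround on the local host.
# Run from an elevated PowerShell session (Windows PowerShell 5.1 or later).
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        # No Spooler service on this host, so there is nothing to stop or disable.
        return [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Present   = $false
            Status    = $null
            StartType = $null
            Compliant = $true
        }
    }

    # Stop the running service, as in the advisory's Stop-Service step.
    if ($svc.Status -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
    }

    # Disable it so it does not start again at boot or on demand.
    if ($svc.StartType -ne 'Disabled' -and
        $PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
        Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the service and report whether both conditions now hold.
    $svc = Get-Service -Name Spooler
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Present   = $true
        Status    = $svc.Status
        StartType = $svc.StartType
        Compliant = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }
}

# Report the current state without changing anything:
Disable-PrintSpooler -WhatIf
# Apply the workaround and confirm the result:
# Disable-PrintSpooler
```

With the Spooler service stopped and disabled, the host can no longer print, either locally or as a print server.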

References:

  1. https://www.kb.cert.org/vuls/id/383432
  2. https://www.rapid7.com/blog/post/2021/06/30/cve-2021-1675-printnightmare-patch-does-not-remediate-vulnerability/

Cisco Security Update

Cisco has released security updates to address vulnerabilities in Adaptive Security Appliance Software and Firepower Threat Defense software. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates.

Drupal Security Update

Drupal has released security updates to address a vulnerability affecting the third-party CKEditor library. Exploitation of this vulnerability could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Drupal Security Advisory and apply the necessary updates.

Palo Alto Security Update

Palo Alto Networks has released security updates to address a vulnerability in Cortex XSOAR. Exploitation of this vulnerability may allow an attacker to gain escalated privileges.

Users and administrators are encouraged to review the Palo Alto Security Advisory and apply the necessary updates.