
Remote code execution vulnerability in the Windows Print Spooler - PC Watch


On July 1 (local time), Microsoft said that the Windows Print Spooler has a remote code execution vulnerability (CVE identifier: CVE-2021-34527).


The vulnerability, known as "PrintNightmare", allows code to be executed remotely when the Print Spooler service handles files improperly. If the attack succeeds, arbitrary code may be executed with SYSTEM privileges, making it possible to view, change, or delete data, or to create users with full privileges. The attack uses the Print Spooler's RpcAddPrinterDriverEx() function.

"CVE-2021-1675" was likewise a vulnerability that used RpcAddPrinterDriverEx(), but it was fixed in June 2021. CVE-2021-34527 is a vulnerability in the same function, but the attack vector is different. The vulnerability is also present on systems where the patch has not been applied; it was not newly introduced by the patch.

Microsoft offers two options as temporary mitigations. One is to disable the Print Spooler service itself, but in that case printing becomes impossible, whether remote or local. The other is to disable "Allow Print Spooler to accept client connections" in Group Policy. With this setting the machine no longer functions as a print server, but local printing is still possible.
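
The following PowerShell is an added example, not code from Microsoft or from the original article: it reports which of the two mitigations above is in effect on a host and can apply either one. The function names, and the registry path and value name used for the Group Policy setting (value 2 meaning disabled), are assumptions of this example.

```powershell
# Added example. Assumption: the "Allow Print Spooler to accept client
# connections" policy is stored as the DWORD below (1 = enabled, 2 = disabled).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerMitigationState {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    # Option 1: the service is absent, or stopped with startup type Disabled.
    $serviceOff = ($null -eq $svc) -or
        ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    # Option 2: the policy value exists and is set to 2 (disabled).
    $policy = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    $remoteOff = ($null -ne $policy) -and ($policy.$PolicyName -eq 2)

    $state = if ($serviceOff) { 'SpoolerDisabled' }
             elseif ($remoteOff) { 'RemoteConnectionsBlocked' }
             else { 'NotMitigated' }
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        ServiceStatus = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        StartType     = if ($svc) { "$($svc.StartType)" } else { $null }
        PolicyValue   = if ($policy) { $policy.$PolicyName } else { $null }
        State         = $state
    }
}

function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet('DisableService', 'BlockRemote')][string]$Option)
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Apply $Option")) { return }
    if ($Option -eq 'DisableService') {
        # No printing at all afterwards, remote or local.
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    } else {
        # Local printing keeps working; the host stops acting as a print server.
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -Type DWord
        Restart-Service -Name Spooler -Force   # restart so the spooler rereads the setting
    }
    Get-SpoolerMitigationState
}

Get-SpoolerMitigationState
```

Run it from an elevated session; `Set-SpoolerMitigation -Option BlockRemote -WhatIf` previews the change without applying it.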