Windows Print Spooler Remote Code Execution Vulnerability

Issued: 
Sunday, 15 August, 2021
Last Revision: 
Sunday, 15 August, 2021
Vendor: 
Product: 
Severity Level: 
Summary: 

CVE-2021-36958 is a remote code execution vulnerability that exists when the Windows Print Spooler service improperly performs privileged file operations.

An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft has not yet released patches to address this vulnerability. Please refer to the Recommendation section for information on how to protect systems from this vulnerability.

| Description | CVE | CVSS3.0 Score |
| --- | --- | --- |
| Windows Print Spooler Remote Code Execution Vulnerability | CVE-2021-36958 | 7.3 |

Recommendation: 

The workaround for this vulnerability is stopping and disabling the Print Spooler service.

Determine if the Print Spooler service is running

Run the following in Windows PowerShell:

    Get-Service -Name Spooler

If the Print Spooler is running or if the service is not disabled, follow these steps:

Stop and disable the Print Spooler service

If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:

    Stop-Service -Name Spooler -Force

    Set-Service -Name Spooler -StartupType Disabled

Impact of workaround: stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.
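
The check and the two workaround commands above, combined into one script that reports the Spooler state, applies the workaround only when asked, and then verifies the result. This is an added example, not part of the Q-CERT advisory or Microsoft's guidance; the -Apply switch and the Get-SpoolerState helper are names assumed for this example.

```powershell
# Added example (not from the advisory). Save as a .ps1 file.
# -Apply is a hypothetical switch: without it the script only reports.
param([switch]$Apply)

function Get-SpoolerState {
    # Status comes from Get-Service; the startup mode is read from
    # Win32_Service, which reports Auto / Manual / Disabled.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Status    = [string]$svc.Status
        StartMode = $cim.StartMode
        Mitigated = ($svc.Status -eq 'Stopped' -and $cim.StartMode -eq 'Disabled')
    }
}

$state = Get-SpoolerState
if ($state.Mitigated -or -not $Apply) {
    # Nothing to change, or audit-only run: emit the current state and exit.
    return $state
}

# Changing a service needs an elevated session.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run from an elevated PowerShell session to change the Spooler service.'
}

# The two workaround commands from the advisory.
Stop-Service -Name Spooler -Force -ErrorAction Stop
Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop

# Re-read the state so the result reflects what the system now reports.
$state = Get-SpoolerState
if (-not $state.Mitigated) {
    Write-Warning "Spooler is still $($state.Status) / $($state.StartMode) on $($state.Computer)."
}
$state
```

A host counts as mitigated here only when the service is both stopped and disabled, since a stopped service left on Auto or Manual can be started again.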