It seems there are still more undiscovered vulnerabilities lurking in the Windows 10 print queue and its associated services.
Just last week, Microsoft issued an official warning about a new CVE-2021-34481 issue, after the recent
KB5004945 update didn’t completely close the security gap. However, it does fix a related problem, so we’d still highly recommend downloading it.
An official patch for this new problem is yet to be released. Microsoft is still investigating which versions of Windows are affected – this may include the small number of devices still running Windows 8 and Windows 7. Fortunately, no attacks related to this specific vulnerability have been observed yet.
What is the CVE-2021-34481 vulnerability?
Like many similar issues in the past, the CVE-2021-34481 security gap affects the printer spooler. It gives hackers system-level user rights, allowing them to execute malicious code that can seriously harm your PC. This can be used to install programs, modify user data and even create new accounts with full system rights.
This vulnerability cannot be exploited directly by hackers, but combining it with a separate vulnerability removes any restrictions. While a lot of the code can be executed remotely, there’s also a method which involves tricking an unsuspecting user into clicking a malicious link within an email or message.
It may take a while for Microsoft to release an official patch. If any specific attacks are revealed, this should speed up the process. In the meantime, you’ll need to take matters into your own hands.
How to (temporarily) fix the CVE-2021-34481 vulnerability
While we wait for an update, Microsoft recommends turning off the print queue service, also known as the printer spooler:
- Open the Windows PowerShell app
- In the window that appears, type ‘Get-Service -Name Spooler’ and hit enter
- If you see a name displayed, check if it matches CVE-2021-34481. If no information appears, it’s worth proceeding with the turning it off anyway
- To stop the service, type ‘Stop-Service -Name Spooler –Force’ and hit enter
- You can then disable it by entering ‘Set-Service -Name Spooler -StartupType Disabled’ from the same window
This will avoid the vulnerability from potentially affecting your PC before an official patch is released. However, there is one big trade-off here – you’ll no longer be able to print from your device, both locally and via your home network.
A version of this article was originally published in German on our sister site,
Related articles for further reading