To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

CVE-2021-34481 - Windows Print Spooler Elevation of Privilege Vulnerability

JohnConnor
JohnConnor W/ Alumni Posts: 4 Security Scout
edited January 2022 in WithSecure Business Suite

Does F-Secure Server Security and Client Security protect against the vulnerability CVE-2021-34481 ?

Is there a newsletter or similar channel to get such information quickly?

Thanks - John!

Best Answer

  • MonikaL
    MonikaL W/ Alumni Posts: 206 W/ Former Staff
    Answer ✓

    Hi John,

    Yes, F-Secure products protect against the vulnerability CVE-2021-34481. This DB was released at the end of the last week.


    If any attacker would try to exploit this PrintNightmare (CVE-2021-34527) vulnerability, the DeepGuard feature present in all F-Secure endpoint products blocks this suspicious behavior with the detection Exploit:W32/SpoolSVLaunch.A!DeepGuard. 

    Microsoft has also updated their advisory and released an out-of-band patch for certain Windows version (Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012). One change after applying this patch is that non-admin will now only be able to install new signed printer drivers. Unsigned printer driver will require administrator rights to install successfully.

    https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7

Answers

  • MonikaL
    MonikaL W/ Alumni Posts: 206 W/ Former Staff

    Hi John,

    Yes, F-Secure products protect against the vulnerability CVE-2021-34481. This DB was released at the end of the last week.

  • JohnConnor
    JohnConnor W/ Alumni Posts: 4 Security Scout

    Hello Monika,

    thank you very much for the quick reply.

    Just to be sure I have my CVE-2021-34481 from 07/16 - Friday! 

    (Not CVE-2021-34527 and CVE-2021-1675).

    Thanks John!

  • JohnConnor
    JohnConnor W/ Alumni Posts: 4 Security Scout

    Sorry, in English:

    Just to be sure I asked for CVE-2021-34481 from 07/16 - Friday! 

This discussion has been closed.