CVE-2021-34481 - Windows Print Spooler Elevation of Privilege Vulnerability

JohnConnor

Does F-Secure Server Security and Client Security protect against the vulnerability CVE-2021-34481 ?

Is there a newsletter or similar channel to get such information quickly?

Thanks - John!

MonikaL

Hi John,

Yes, F-Secure products protect against the vulnerability CVE-2021-34481. This DB was released at the end of the last week.

If any attacker would try to exploit this PrintNightmare (CVE-2021-34527) vulnerability, the DeepGuard feature present in all F-Secure endpoint products blocks this suspicious behavior with the detection Exploit:W32/SpoolSVLaunch.A!DeepGuard. 

Microsoft has also updated their advisory and released an out-of-band patch for certain Windows version (Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012). One change after applying this patch is that non-admin will now only be able to install new signed printer drivers. Unsigned printer driver will require administrator rights to install successfully.

https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7

MonikaL

Hi John,

Yes, F-Secure products protect against the vulnerability CVE-2021-34481. This DB was released at the end of the last week.

JohnConnor

Hello Monika,

thank you very much for the quick reply.

Just to be sure I have my CVE-2021-34481 from 07/16 - Friday! 

(Not CVE-2021-34527 and CVE-2021-1675).

Thanks John!

JohnConnor

Sorry, in English:

Just to be sure I asked for CVE-2021-34481 from 07/16 - Friday!