Microsoft released an advisory for another bug in the Windows Print Spooler (CVE-2021-36958). Successful exploitation of this vulnerability allows a local hacker to gain SYSTEM privileges on a computer.

This vulnerability belongs to the class of bugs known as 'PrintNightmare'. These bugs abuse configuration settings for the Windows print spooler, print drivers, and the Windows Point and Print feature.

Microsoft released the emergency security updates in July to address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527) and correctly fix the issue on all supported Windows versions. But cybersecurity researcher Benjamin Delpy recently found another bug from the PrintNightmare class, that allows an attacker to gain SYSTEM privileges by connecting to a remote print server. This vulnerability uses the CopyFile registry directive to copy a DLL file that opens a command prompt to the client along with a print driver when the user connects to a printer.

Microsoft has not yet released a security update for this bug, but users can mitigate the exploitation of this vulnerability by disabling the Print Spooler.