A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down.
Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading the appropriate printer drivers and scheduling the print job for printing, among others.
Print Spooler flaws are concerning, not least because of the wide attack surface, but also owing to the fact that it runs at the highest privilege level and is capable of dynamically loading third-party binaries.
The Windows maker addressed the vulnerability as part of its Patch Tuesday update on June 8, 2021. But almost two weeks later, Microsoft revised the flaw’s impact from an elevation of privilege to remote code execution (RCE) as well as upgraded the severity level from Important to Critical.
“Either the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to…