KLA12213
Critical vulnerability in Windows Print Spooler

Updated: 07/08/2021
Detect date
?
07/01/2021
Severity
?
Critical
Description

Critical vulnerability was found in Windows Print Spooler. Malicious users can exploit this vulnerability to execute arbitrary code.

Exploitation

The following public exploits exists for this vulnerability:

https://github.com/byt3bl33d3r/ItWasAllADream

https://github.com/cube0x0/CVE-2021-1675

https://github.com/JohnHammond/CVE-2021-34527

Affected products

Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2012
Windows RT 8.1
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for x64-based systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows Server 2012 (Server Core installation)
Windows 10 Version 21H1 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012 R2
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1809 for x64-based Systems

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2021-34527

Impacts
?
ACE 
[?]
Related products
Microsoft Windows
Microsoft Windows Server
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Server 2008
Windows RT
Microsoft Windows 10
CVE-IDS
?
CVE-2021-345270.0Unknown
KB list

5004948
5004955
5004945
5004959
5004946
5004958
5004954
5004953
5004950
5004951
5004956
5004960
5004947

Find out the statistics of the vulnerabilities spreading in your region