9.3
CVSSv2

CVE-2021-36958

Published: 12/08/2021 Updated: 24/08/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows Print Spooler Remote Code Execution Vulnerability. A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The workaround for this vulnerability is stopping and disabling the Print Spooler service. The vulnerability is rated as “exploitation more likely” by Microsoft.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows -

Github Repositories

Mimispoolps1 Just a very small script to install, uninstall or connect to gentilwiki's Mimispool printer Used to exploit the PrintNightmare vulnerability (CVE-2021-36958) for local privilege escalation Usage Import the Module \Mimispoolps1 Install Printer Install-KiwiPrinter Uninstall Prin

Recent Articles

Microsoft's end-of-summer software security cleanse crushes more than 80 bugs
The Register • Thomas Claburn in San Francisco • 15 Sep 2021

Get our weekly newsletter Azure agent in Linux guests fixed, MSHTML exploit tackled, and much more – Plus: Adobe and SAP issue updates

Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities alongside 20 Chromium security bugs in Microsoft Edge.
Affected products include: Azure, Edge (Android, Chromium, and iOS), Office, SharePoint Server, Windows, Windows DNS, and the Windows Subsystem for Linux.
Of these CVEs, three are rated critical, one is rated moderate, and the remainder are considered important.
One of the already publicly disclosed CVEs resolves a critical zer...

Microsoft's end-of-summer software security cleanse crushes more than 80 bugs
The Register • Thomas Claburn in San Francisco • 15 Sep 2021

Get our weekly newsletter Patch Tuesday fiesta also sees Adobe and SAP tidying up

Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge.
Affected products include: Azure, Edge (Android, Chromium, and iOS), Office, SharePoint Server, Windows, Windows DNS, and the Windows Subsystem for Linux.
Of these CVEs, three are rated critical, one is rated moderate, and the remainder are considered important.
One of the publicly disclosed CVEs, dating back to September 7, resolves a...

Microsoft fixes remaining Windows PrintNightmare vulnerabilities
BleepingComputer • Lawrence Abrams • 14 Sep 2021

Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly.
In June, a zero-day Windows print spooler vulnerability dubbed PrintNightmare (CVE-2021-34527) was 
. This vulnerability exploits the Windows 
 feature to perform remote code execution and gain local SYSTEM privileges.
While Microsoft released two security updates to fix various P...

Microsoft confirms another Windows print spooler zero-day bug
BleepingComputer • Lawrence Abrams • 11 Aug 2021

Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer.
This vulnerability is part of a class of bugs known as '
,' which abuses configuration settings for the Windows print spooler, print drivers, and the Windows Point and Print feature.
Microsoft released security updates in both
and
to fix various PrintNightmare vulnerabilities.