HomeWinBuzzer NewsMicrosoft Confirms PrintNightmare is Back with New Windows Print Spooler Flaw

Microsoft Confirms PrintNightmare is Back with New Windows Print Spooler Flaw

Microsoft is describing a new PrintNightmare vulnerability in Windows Print Spooler, which gives attackers escalated privileges.


If you thought the security flaws in 's Windows Print Spooler were over, think again. The company has confirmed a new vulnerability in the service following recent bugs that have left customers exposed to so-called PrintNightmare attacks.

According to Microsoft, this is a code execution flaw within Windows Print Spooler that gives incorrect file privileges. It has been given the ID number CVE-2021-36958 and has the following official description:

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft is noting this problem as a remote code execution (RCE) vulnerability. However, some people disagree, including CERT's Will Dormann, who told Bleeping Computer “it's clearly local (LPE)”. Interesting, Microsoft also describes the flaw as a local privilege escalation in the documentation.

It could just be an accident on Microsoft's part. By the way, the company says a fix is being worked on but until then it is time to turn off the Windows Print Spooler once again.


PrintNightmare started as From an exploit PoC accidentally leaking online in June, to Microsoft later issuing an emergency out of band patch.

PrintNightmare was spotted by security researchers at Sangfor, the flaw became active when the group accidentally released the proof-of-concept (PoC). This gave attackers the knowledge of how to exploit the flaw, meaning they could conduct remote execution code attacks to gain system-level privileges.

Print Spooler is a service on Windows that runs by default. It is also an older component of the platform, which means all Windows versions are affected.

Tip of the day: By default, the most used apps group in your start menu shows the six most frequently used apps. However, you can customize your Windows 10 Start Menu to exclude certain apps from the list or get rid of the most used apps section entirely.

Last Updated on February 14, 2022 8:22 pm CET

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News