CVE-2021-34481
Published 2021-07-16
critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
UPDATE August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see KB5005652.
Affected
43 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19022 | 10.0.10240.19022 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4583 | 10.0.14393.4583 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2114 | 10.0.17763.2114 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1734 | 10.0.18363.1734 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1165 | 10.0.19041.1165 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1165 | 10.0.19042.1165 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1165 | 10.0.19043.1165 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21192 | 6.0.6003.21192 |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23435 | 6.2.9200.23435 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4583 | 10.0.14393.4583 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2114 | 10.0.17763.2114 |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 8.8 · HIGH
Microsoft
Windows Print Spooler Remote Code Execution Vulnerability
vendor_msrc·2021-07-13·CVSS 8.8
CVE-2021-34481 [HIGH] Windows Print Spooler Remote Code Execution Vulnerability
FAQ: Why did
GHSA
GHSA-6m3c-jc2v-9h92: Windows Print Spooler Elevation of Privilege Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-34481 [HIGH] CWE-269 GHSA-6m3c-jc2v-9h92: Windows Print Spooler Elevation of Privilege Vulnerability
VulnCheck
Microsoft Windows Improper Privilege Management
vulncheck·2021·CVSS 8.8
CVE-2021-34481 [HIGH] Microsoft Windows Improper Privilege Management
Affected: Microsoft Windows
Require
No detection rules found.
No public exploits indexed.
Tenable
The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch (CVE-2021-36958)
blogs_tenable·2021-08-19·CVSS 7.8
[HIGH] The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch (CVE-2021-36958)
Trendmicro
Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One
blogs_trendmicro·2021-08-12·CVSS 7.8
[HIGH] Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One
## Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One
We look into the different implementations of PrintNightmare and include recommendations on how security teams can safeguard their workloads.
By: Trend Micro, Aug 12, 2021
Update as of August 18, 2:54 a.m. EDT: We updated the section "Trend Micro Vision One™ Hunting Queries" (search queries) to include the latest indicators. Specifically, Figures 21 and 25 address events for the latest PrintNightmare implementation under CVE-2021-36958.
PrintNightmare is one of the latest set of exploits abused for the Print Spooler vulnerabilities that have been identified as CVE-2021-1675, CVE-2021-34527, CVE-2021-34481, and CVE-2021-36958. It is a code execution vulnerability
Krebs
Microsoft Patch Tuesday, August 2021 Edition
blogs_krebs·2021-08-10·CVSS 7.8
CVE-2021-36948 [HIGH] Microsoft Patch Tuesday, August 2021 Edition
Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.
Microsoft said attackers have seized upon CVE-2021-36948, which is a weakness in the Windows Update Medic service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates.
Redmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. The flaw is an “elevation of privil
Qualys
Microsoft and Adobe Patch Tuesday (August 2021) - Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities | Qualys
blogs_qualys·2021-08-10·CVSS 8.8
CVE-2021-36942 [HIGH] Microsoft and Adobe Patch Tuesday (August 2021) - Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities | Qualys
### Microsoft Patch Tuesday – August 2021
Microsoft patched 51 vulnerabilities in their August 2021 Patch Tuesday release, and 7 of them are rated as critical severity. Three 0-day vulnerability patches were included in the release.
#### Critical Microsoft Vulnerabilities Patched
CVE-2021-36942 – Windows LSA Spoofing Vulnerability
An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. A malicious user can use this attack to take complete control over the Windows domain. Per Microsoft, this vulnerability affects all servers, but domain controllers should be prioritized in terms of applying security updates.
CVE-2021-34481 – Windows Print Spooler Remote Code Execution Vulnerability
A remote
Checkpoint
19th July – Threat Intelligence Report
blogs_checkpoint·2021-07-19
CVE-2021-30563 19th July – Threat Intelligence Report
## 19th July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 19th July, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
An ongoing Chinese APT espionage campaign tracked as “LuminousMoth” has been targeting entities from Southeast Asia including Mongolia, Myanmar, and the Philippines.
Ecuador’s state-run national telecommunication corporation (CNT) has been hit by RansomEXX ransomware. The attack caused havoc in the business operations, the pay
Crowdstrike
Patch Tuesday 2021: A Vulnerability Deep Dive
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] Patch Tuesday 2021: A Vulnerability Deep Dive
Crowdstrike
August 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August 2021 Patch Tuesday: Updates and Analysis