CVE-2021-36958
Published: 2021-08-12
Severity: High, CVSS 3.1 base score 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19060 | 10.0.10240.19060 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4651 | 10.0.14393.4651 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2183 | 10.0.17763.2183 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1801 | 10.0.18363.1801 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1237 | 10.0.19041.1237 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1237 | 10.0.19042.1237 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1237 | 10.0.19043.1237 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20120 | 6.3.9600.20120 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21218 | 6.0.6003.21218 |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23462 | 6.2.9200.23462 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20120 | 6.3.9600.20120 |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4651 | 10.0.14393.4651 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2183 | 10.0.17763.2183 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1237 | 10.0.19041.1237 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1237 | 10.0.19042.1237 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_1909 | — | — |
| msrc | windows_10_version_2004 | — | — |
| msrc | windows_10_version_20h2 | — | — |
GHSA
GHSA-8xmh-9r43-r5g8 (CVE-2021-36936) [HIGH]: Windows Print Spooler Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-36947, CVE-2021-36958.
ghsa_unreviewed·2022-05-24·CVSS 8.8
GHSA
GHSA-37q4-472r-ppmr (CVE-2021-36958) [HIGH]: Windows Print Spooler Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-36936, CVE-2021-36947.
ghsa_unreviewed·2022-05-24·CVSS 8.8
GHSA
GHSA-7954-w5x3-x4x7 (CVE-2021-36947) [HIGH]: Windows Print Spooler Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-36936, CVE-2021-36958.
ghsa_unreviewed·2022-05-24·CVSS 8.8
Microsoft
CVE-2021-36958 [HIGH] Windows Print Spooler Remote Code Execution Vulnerability
vendor_msrc·2021-08-10·CVSS 7.8
Description: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
FAQ: When will Microsoft release a security update for this vulnerability?
Update: September 14, 2021 - We have completed the investigation and have released the September 2021 security updates to address this vulnerability. Please see the Security Updates table.
What versions of Windows are affected by this vulnerability?
Update: September 14, 2021 - The September 202
No detection rules found.
No public exploits indexed.
Securelist
IT threat evolution in Q3 2021. PC statistics
blogs_securelist·2021-11-26
Authors
- AMR
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q3 2021:
- Kaspersky solutions blocked 1,098,968,315 attacks from online reso
Checkpoint
20th September – Threat Intelligence Report
blogs_checkpoint·2021-09-19·CVSS 7.8
CVE-2021-40444 [HIGH] 20th September – Threat Intelligence Report
## 20th September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th September, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Check Point Research has seen a global surge in the black market for fake COVID-19 vaccine certificates on Telegram, following US President Biden’s vaccine mandate announcements. The black market has expanded to serve 28 countries, including Austria, UAE, Brazil, UK, Singapore and more. The price for fake vaccine cert
Qualys
Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
blogs_qualys·2021-09-14·CVSS 8.1
CVE-2021-40444 [HIGH] Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
## Microsoft Patch Tuesday – September 2021
Microsoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as important.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability
This vulnerability has been publicly disclosed and is known to be exploited. The vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office. Microsoft also released a workaround to show how users can disable ActiveX controls in IE. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching.
Tenable
Microsoft’s September 2021 Patch Tuesday Addresses 60 CVEs (CVE-2021-40444)
blogs_tenable·2021-09-14·CVSS 8.8
[HIGH] Microsoft’s September 2021 Patch Tuesday Addresses 60 CVEs (CVE-2021-40444)
Tenable
The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch (CVE-2021-36958)
blogs_tenable·2021-08-19·CVSS 7.8
[HIGH] The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch (CVE-2021-36958)
Checkpoint
16th August – Threat Intelligence Report
blogs_checkpoint·2021-08-16
CVE-2021-34473 16th August – Threat Intelligence Report
## 16th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 16th August, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Check Point Research has revealed that the threat actor behind last month’s cyber-attack on Iran’s train system is “Indra”, a group that identifies itself as Iranian regime opposition. They used similar tools in an attack against companies in Syria in 2019.
Poly Network, a China-based cross-chain decentralized finance (De
Trendmicro
Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One
blogs_trendmicro·2021-08-12·CVSS 7.8
[HIGH] Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One
## Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One
We look into the different implementations of PrintNightmare and include recommendations on how security teams can safeguard their workloads.
By: Trend Micro, Aug 12, 2021
Update as of August 18, 2:54 a.m. EDT: We updated the section "Trend Micro Vision One™ Hunting Queries" (search queries) to include the latest indicators. Specifically, Figures 21 and 25 address events for the latest PrintNightmare implementation under CVE-2021-36958.
PrintNightmare is one of the latest sets of exploits abused for the Print Spooler vulnerabilities that have been identified as CVE-2021-1675, CVE-2021-34527, CVE-2021-34481, and CVE-2021-36958. It is a code execution vulnerability