CVE-2021-1675
Published: 08 June 2021
Summary
CVE-2021-1675 is a high-severity vulnerability, with an unspecified weakness class, in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2021-1675 is a remote code execution vulnerability affecting the Windows Print Spooler component. It carries a CVSS 3.1 base score of 7.8 and is tracked under NVD-CWE-Other.
An attacker can exploit the vulnerability by supplying a malicious printer driver or print job. Exploitation requires local access, no privileges, and user interaction; when successful, it grants full control over confidentiality, integrity, and availability on the affected system.
Public references include the Microsoft Security Response Center advisory for CVE-2021-1675, the CERT/CC vulnerability note VU#383432, and multiple proof-of-concept artifacts published on Packet Storm that demonstrate Print Spooler remote DLL injection and code execution.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-7142
Vulnerability details
Windows Print Spooler Remote Code Execution Vulnerability
- CWE(s)
- KEV Date Added: 03 November 2021
Mitigating Controls (NIST 800-53 r5)
Restricts installation or modification of printer drivers, directly blocking the malicious driver or print job vector used in CVE-2021-1675.
Provides malicious code scanning and blocking for untrusted print jobs or drivers before they execute in the spooler.
Enforces integrity verification of drivers and spooler components to detect tampering prior to loading.