CVE-2021-34481: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2021-34481) was discovered in the Windows Print Spooler service when it improperly performs privileged file operations. The vulnerability was disclosed in July 2021 and affects various Windows operating systems. Microsoft completed their investigation and released security updates on August 10, 2021, to address this critical security issue (NVD).

The vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL) according to NVD assessment, with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Microsoft's assessment rated it slightly lower at 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-269 (Improper Privilege Management) (NVD).

An attacker who successfully exploits this vulnerability could execute arbitrary code with SYSTEM privileges. This level of access would allow the attacker to install programs, view, change, or delete data, and create new accounts with full user rights (NVD).

Microsoft released security updates on August 10, 2021, that change the Point and Print default behavior to require administrative privileges for driver installation. Organizations can manage this behavior using the RestrictDriverInstallationToAdministrators registry key. Additional mitigations include verifying RpcAuthnLevelPrivacyEnabled settings, enabling Security Prompts for Point and Print, and restricting users to connect only to trusted print servers (Microsoft Support).