So Microsoft wanted to make it easy for a standard user to install a Printer without Administrator rights. There is a huge bug with the PrintSpooler service that has a huge vulnerability that was a EoP (Elevation of Privilege) affecting Windows 7 to Server 2019.
However this escalated to a RCE (Remote Code Execution). RCE refers to a bug by which cybercriminals can break into your computer in the first place, without needing any password for any account on your computer.
Microsoft released an update to fix it
At the same time this was going on a Zero-day exploit was on the rise. Researchers from the cybersecurity company Sangfor were going to present their paper about Print Spooler Bugs at the 2021 Black Hat conference in August but decided to release it early. Since the Print Spooler was recently patched they thought it would be alright since the vulnerability was fixed.
Well come to find out it was something completely different hiding in the exploit that wasn’t patched. In other words there were two security holes in it. One was patched and the other was not.
The Sangfor crew inadvertently documented an as-yet-undisclosed RCE bug, thus unintentionally unleashing a zero-day exploit. The researchers apparently took down the offending information once the mistake was figured out but by then it was too late, because the exploit code had already been downloaded and republished elsewhere. Pandora’s box had already been opened, and it was too late to close it up again.
The only way to fix this until a patch release is to disable the Print Spooler. However this will disable printing and can’t print anything. It’s good practice anyway to disable the Print Spooler if you don’t have a printer to free up resources in Windows but if you use a printer all the time you’re kind of screwed until then.
This is one of the many reasons why I left Windows in the dust and use Linux. Granted there are exploits in Linux as well but they are typically targeted on older software packages and an easy update fixes it. If it’s a major one it is typically fixed within hours after it has been known to the world.