What is CVE-2021-1675?

CVE-2021-1675 is a high-severity vulnerability in Microsoft Windows Print Spooler that allows for remote code execution. Organizations must take immediate action to mitigate this risk, as exploitation can lead to significant impacts on confidentiality, integrity, and availability.

What is the severity of CVE-2021-1675?

CVE-2021-1675 has a severity rating of HIGH with a CVSS base score of 7.8.

Is CVE-2021-1675 in CISA KEV?

Yes. CVE-2021-1675 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2021-1675 | High Vulnerability in Microsoft Windows Print Spooler

CVE-2021-1675, a high-severity vulnerability in Microsoft Windows Print Spooler, allows attackers to execute arbitrary code remotely. The vulnerability has a CVSS score of 7.8, indicating a significant risk to organizations. Exploitation of this vulnerability can lead to unauthorized access and control over affected systems, which poses a critical security threat.

The Print Spooler service is commonly used by Windows operating systems, making this vulnerability particularly concerning. Attackers may leverage this flaw to gain elevated privileges, execute malicious payloads, or disrupt services, which can result in a loss of critical functionality.

Organizations are advised to prioritize patching this vulnerability immediately. The fact that it has been added to the Known Exploited Vulnerabilities catalog highlights the urgency for defenders to take action.

The potential impact of this vulnerability includes significant threats to confidentiality, integrity, and availability. Organizations should ensure that their systems are updated and protected against this type of exploitation.

Vulnerability Details

According to the official description, CVE-2021-1675 is characterized as a Windows Print Spooler Remote Code Execution Vulnerability. This vulnerability allows attackers to execute arbitrary code on the affected systems, leading to potential privilege escalation and unauthorized access.

The vulnerability has a CVSS score of 7.8, categorized as high severity. The attack vector is local, and the attack complexity is low, meaning that exploitation could be accomplished with minimal effort. No privileges are required to execute the attack, but user interaction is necessary.

This vulnerability affects multiple versions of Windows, including Windows 10 (various releases), Windows 7, Windows 8.1, and several Windows Server editions. Microsoft has provided patches and updates; organizations should review their systems and apply the necessary updates.

Technical Analysis

The root cause of CVE-2021-1675 is associated with improper handling of print jobs. Attackers can exploit this flaw by submitting specially crafted print jobs, allowing them to execute arbitrary code in the context of the Print Spooler service.

The attack vector is local, which means that the attacker must have access to the local network to exploit this vulnerability. The attack complexity is low, indicating that the exploit can be executed with relative ease.

No special privileges are required to exploit this vulnerability, and it does not require any user interaction. The impact on confidentiality, integrity, and availability is high, as successful exploitation could lead to unauthorized access and control over the affected systems.

Risk & Impact Analysis

The real-world deployment risk associated with CVE-2021-1675 is significant. Given the widespread use of the Print Spooler service across various Windows environments, the potential for exploitation is high. Attackers may leverage this vulnerability to gain unauthorized access to sensitive information or disrupt critical services.

Organizations must recognize the importance of patching this vulnerability promptly to prevent potential exploitation. The CVSS score of 7.8, along with its inclusion in the Known Exploited Vulnerabilities catalog, indicates that this vulnerability is actively being targeted by attackers.

The blast radius for this vulnerability is extensive, as it affects a wide range of Windows operating systems. Organizations must prioritize their patching efforts to mitigate the risk effectively.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	Yes

Affected Versions

CVE-2021-1675 affects the following versions of Microsoft Windows: Windows 10 (various versions), Windows 7, Windows 8.1, Windows Server 2004, Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019. Organizations should ensure that they have patched all versions prior to the vendor's patches.

Mitigation & Remediation

Organizations must apply the patches provided by Microsoft to mitigate the risks associated with CVE-2021-1675. Ensure that updates are applied as per the vendor's instructions. If patches are not immediately available, consider implementing workarounds to restrict access to the Print Spooler service.

In addition to patching, organizations should also enhance their security posture by hardening configurations related to the Print Spooler service, limiting user access, and monitoring for unusual behavior indicative of exploitation attempts.

For more information on penetration testing and validating your security measures, organizations can refer to penetration testing services.

Detection Guidance

Organizations should monitor logs for indicators of exploitation related to CVE-2021-1675. Key indicators include unauthorized print job submissions, unusual network traffic patterns, and alterations to system files associated with the Print Spooler service.

Behavioral anomalies in user accounts interacting with the Print Spooler service should also be flagged for investigation. Implementing network signatures to detect suspicious activity can further enhance detection efforts.

AppSecure Threat Intelligence Insight

CVE-2021-1675 represents a significant threat to organizations leveraging Microsoft Windows. The Print Spooler vulnerability is a reminder of the importance of maintaining updated systems and employing proactive security measures to mitigate risks.

This incident also highlights the need for continuous security assessments. Regularly engaging in penetration testing and vulnerability management practices can help organizations stay ahead of potential threats.

Finally, organizations should leverage threat intelligence to inform their risk assessments. Understanding the landscape of known vulnerabilities, such as CVE-2021-1675, can assist in prioritizing remediation efforts, as seen in the use of this vulnerability in ransomware campaigns.

For further insights into evolving threats and strategies to mitigate them, organizations can explore vulnerability management programs and other relevant resources.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-1675: High Vulnerability in Microsoft Windows Print Spooler