A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. A threat actor can exploit this vulnerability to run arbitrary code with System privileges. The actor can then install programs, view, change, delete data, and create accounts with full user rights. MACC allows this vulnerability because it has SpoolSV.exe as an updater for print spooler. SpoolSV.exe is considered an updater in the McAfee Default policy under the Office Printer HP 2300 Series Rule group.

To address this issue, Microsoft has released a security update for Windows Server 2012, Windows Server 2016, and Windows 10 Version 1607 on July 13, 2021. Go the Windows Print Spooler Remote Code Execution Vulnerability site and see the Security Updates table for the update applicable for your system.

NOTE: McAfee recommends that you install these updates immediately. If you can't install these updates, see the FAQ and workaround sections in the above link, to learn how to protect your system from this vulnerability. Microsoft doesn’t have patches for Windows 7 and earlier legacy operating systems. 


For Windows 8 and later
You must download the security updates your operating system. See Microsoft CVE-2021-34527.

For Windows 7 and earlier
You must remove the Office Printer HP 2300 Series from your policy if you’re using the McAfee Default rule group:

1. In the McAfee ePO console, go to Menu, Policy, Policy Catalog.
2. Select the Solidcore 8.3.x: Application Control Rules (Windows) and select the McAfee Default policy.
3. Click View, Duplicate for the McAfee Default policy.
4. Specify the policy name, and click OK.
5. Click your duplicated policy name and click Edit.
6. Find the Rule group Office printer HP 2300 Series and click Remove.
7. Save the duplicated policy and apply it to your systems that run Windows 7 and earlier.

NOTE: Removing SpoolSV.exe from updaters list can cause print-related issues when Application Control is enabled. Breaking inheritance between the policy and rule group, the McAfee Default policy can cause McAfee Default rule groups to not update in duplicated policy.