CVE-2026-58608

Microsoft · Windows Print Spooler

A race condition in the Windows Print Spooler allows an authenticated attacker to execute arbitrary code over the network.

Executive summary

A race condition vulnerability in the Windows Print Spooler components allows an authenticated attacker to achieve remote code execution.

Vulnerability

This flaw stems from improper synchronization when using shared resources, specifically a race condition (CWE-362) and potential use-after-free (CWE-416) conditions. An attacker with low-level privileges can exploit this to execute code in the context of the print spooler service.

Business impact

The ability to execute arbitrary code on a system, even when requiring initial authentication, poses a severe risk to organizational security. This could allow an attacker to move laterally within the network, install persistent backdoors, or exfiltrate sensitive data from the host machine. The CVSS score of 8.8 underscores the critical nature of this vulnerability in an enterprise environment.

Remediation

Immediate Action: Install the latest Windows security updates for the affected versions of Windows 10 and 11 immediately.

Proactive Monitoring: Monitor for unusual Print Spooler service behavior, such as unexpected crashes or unauthorized process spawning originating from the spooler subsystem.

Compensating Controls: If patching is delayed, disable the Print Spooler service on systems where printing is not required to eliminate the attack surface.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Security teams should treat this vulnerability as a high priority due to the Print Spooler's history as an attack vector. Ensure all endpoints receive the relevant Microsoft monthly security patches to remediate the underlying synchronization flaws.