In regards to CVE202-34527 and Xerox Workplace Cloud, we have reviewed the vulnerability and XWC primary workflows are not vulnerable to this issue. This evaluation includes both our client and cloud-hosted architecture. The issue is primarily exploitable for traditional print servers which XWC does not use to deliver the XWC service. The vulnerability requires an authenticated user to the server executing remote procedure calls against the spooler service to gain elevated privileges to the server.
There is one submission workflow in XWC, the “windows shared print queue” available in the XWC Agent inbound queue configuration, which is vulnerable to this security issue but is not a widely used workflow. If a customer who is using this workflow wants to disable it until a patch is available from Microsoft they may do so, but in the meantime, printing will not be available using the workflow. There are no workarounds for this issue and a patch must be provided from Microsoft.