Windows Print Spooler service that helps PCs manage the flow of print jobs being sent to a printer or print server.
Dubbed PrintNightmare (CVE-2021-1675) by researchers; Microsoft acknowledged the vulnerability however after an apparent miscommunication, researchers published and then deleted a proof-of-concept (PoC) exploit code of the vulnerability on Github.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ
— zhiniang peng (@edwardzpeng) June 29, 2021
Now, Microsoft has issued emergency patches to address the vulnerability. The company has also warned customers that the vulnerability is being widely exploited by threat actors therefore they should “install these updates immediately.”
It is worth noting that PrintNightmare can allow threat actors to carry out remote attacks including code execution with system-level privileges on affected machines.
SEE: 12-Year-Old Windows Defender flaw risked 1 billion devices
Furthermore, an attacker can then install programs; view, change, or delete data; or create new accounts with full user rights, Microsoft has acknowledged.
According to Microsoft’s security advisory,
Microsoft has completed the investigation and has released security updates to address this vulnerability. We recommend that you install these updates immediately.
Note that the security updates released on and after July 6, 2021, contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.
Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.