Microsoft PrintNightmare

Updated: Jul 30, 2021

Public 0-day exploit allows domain takeover

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527


A remote code execution vulnerability exists in Windows OS when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft is encouraging customers to either "Disable the Print Spooler service" or "Disable inbound remote printing through Group Policy".
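As an added example (not code from this advisory or from Microsoft), the PowerShell below audits a host for the two mitigations quoted above and can apply either one. It assumes an elevated session, that the "Allow Print Spooler to accept client connections" Group Policy is backed by the RegisterSpoolerRemoteRpcEndPoint registry value (2 = disabled), and the function names are my own.

```powershell
# Added example: audit and apply the two PrintNightmare mitigations Microsoft
# recommends (disable the Spooler, or refuse inbound remote printing).
# Run from an elevated PowerShell session on Windows 10 / Server 2016 or later.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'   # 2 = policy "Disabled"

function Get-PrintNightmareExposure {
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $policy = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName `
               -ErrorAction SilentlyContinue).$PolicyName
    # DomainRole 4/5 = backup/primary domain controller, the host whose
    # compromise the advisory calls a domain takeover; DCs rarely need to print.
    $isDC = (Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        IsDomainController = $isDC
        SpoolerStatus      = if ($svc) { $svc.Status }    else { 'NotInstalled' }
        SpoolerStartType   = if ($svc) { $svc.StartType } else { 'NotInstalled' }
        RemotePrintingOff  = ($policy -eq 2)
        # Exposed = the service can still start AND remote clients are accepted
        Exposed            = [bool]($svc -and $svc.StartType -ne 'Disabled' -and $policy -ne 2)
    }
}

function Set-PrintNightmareMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Mitigation 1: stop and disable the Print Spooler entirely
        [switch]$DisableSpooler
    )
    if ($DisableSpooler) {
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
            Stop-Service -Name Spooler -Force
            Set-Service  -Name Spooler -StartupType Disabled
        }
    } else {
        # Mitigation 2: keep local printing, refuse inbound remote connections
        if ($PSCmdlet.ShouldProcess($PolicyKey, "Set $PolicyName = 2")) {
            New-Item -Path $PolicyKey -Force | Out-Null
            Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -Type DWord
            Restart-Service -Name Spooler   # the spooler reads the value at start
        }
    }
}

Get-PrintNightmareExposure | Format-List
# Set-PrintNightmareMitigation -WhatIf            # preview mitigation 2
# Set-PrintNightmareMitigation -DisableSpooler    # apply mitigation 1
```

Exposed is only a heuristic over the two settings the advisory names; it does not check whether the July patches are installed.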




Background

On June 30 it was disclosed that the technical details and a proof-of-concept (PoC) exploit had been accidentally leaked for a then-unpatched vulnerability in Windows that allows remote code execution. Despite the need for authentication, the severity of the issue is critical, as threat actors can use it to take over a Windows domain server and easily deploy malware across a company's network. The issue affects the Windows Print Spooler, and the researchers named it PrintNightmare.

https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/


Announced

June 30 - Initial details emerge -

https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/


Latest Developments

July 7 - Full patch / fix released -

https://www.bleepingcomputer.com/news/security/microsoft-printnightmare-now-patched-on-all-windows-versions/


July 6 - Microsoft released a security patch (found later to be a partial fix) -

https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare


July 2 - Microsoft is investigating the vulnerability and has assigned it a CVE -

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527


For this or any other cybersecurity concerns, please feel free to reach out to us at Get Started!

