A vulnerability in print spooler of Windows is publicly released, and reportedly allows RCE. Today Microsoft and security authorities released some details.
The RCE-enabled vulnerability is registered as CVE-2021-1675 and hits Windows Print Spooler. It is known as PrintNightmare. On July 1, 2021, Microsoft confirmed that the vulnerability allows RCE (CVE-2021-1675), is still unrepaired, and is being exploited.
The American CISA issued one beforenotice also for the PrintNightmare vulnerability. The CERT Coordination Center (CERT/CC) encourages administrators to disable the Windows Print Spooler service on domains and non-printing systems.
Additionally, administrators should use a method from the Microsoft instructions that were published on January 11, 2021:
"Due to the possibility of compromise, the Print Spooler service should be disabled on domain controllers and Active Directory management systems. The suggested way to do this is to use a political group. ”
As of July 1, 2021, Microsoft has published the vulnerability description for Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527 and reviewed previous ratings.
The company has confirmed that it is aware of the vulnerability Remote Code Execution (RCE) and is present in the Windows Print Spooler.
An attacker using this vulnerability could run arbitrary code with SYSTEM privileges. So it can install programs, view, modify or delete data. For those who know, the attack requires a authenticated user to call RpcAddPrinterDriverEx ().
More details at PoC of vulnerability.
