PrintNightmare alarm: 0day on Windows

A vulnerability in the Windows print spooler is circulating publicly, and is said to allow RCE. Today Microsoft and security authorities released some details.

The RCE-enabled vulnerability is registered as CVE-2021-1675 and hits Windows Print Spooler. It is known as PrintNightmare. On July 1, 2021, Microsoft confirmed that the vulnerability allows RCE (CVE-2021-1675), is still unrepaired, and is being exploited.

paper

The American CISA issued a warning also about the PrintNightmare vulnerability. The CERT Coordination Center (CERT / CC) encourages administrators to disable the Windows Print Spooler service on non-print domains and systems.

Additionally, administrators should use a method from the Microsoft instructions that were published on January 11, 2021:
"Due to the possibility of compromise, the Print Spooler service should be disabled on domain controllers and Active Directory management systems. The suggested way to do this is to use a political group. ”

As of July 1, 2021, Microsoft has published the vulnerability description for Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527 and reviewed previous ratings.

The company has confirmed that it is aware that the vulnerability is Remote Code Execution (RCE) and is present in Windows Print Spooler.
An attacker using this vulnerability could run arbitrary code with SYSTEM privileges. So it can install programs, view, modify or delete data. For those who know, the attack requires a authenticated user to call RpcAddPrinterDriverEx ().

More details at PoC of vulnerability.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















PrintNightmare, print nightmare, 0day, 0day exploit, 0day exploits, iguru, iguru.gr

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).