Microsoft confirmed that a zero-day vulnerability known as PrintNightmare, which can be exploited to enable remote code execution on a target device, affects every version of Windows.

Uncovered earlier this week after security researchers at Sangfor Technologies accidentally published a proof-of-concept (PoC) exploit, the vulnerability allows attackers to remotely execute code with system-level privileges, which is as critical and problematic as you can get in Windows.

The vulnerability is found in code related to the Windows Print Spooler executable that handles pretty much every aspect of the process involved with printing something from a PC. Microsoft said that by default Windows Print Spooler launches alongside Windows and only closes when the operating system itself is shut down. That makes it an attractive target for attackers.

PrintNightmare is already being exploited in the wild, Microsoft said, and the security patches released on June 8 won't fully protect Windows devices from those attacks. That doesn't mean those patches should be avoided—they can still defend against other exploits, including those involving CVE-2021-1675. They just don't fully address exploits involving PrintNightmare.

Confirming the vulnerability, Microsoft said in a security bulletin:

"A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Microsoft further said that it is aware of and investigating a remote code execution vulnerability that affects Windows Print Spooler and has assigned the identifier CVE-2021-34527 to this vulnerability. "This is an evolving situation and we will update the Common Vulnerabilities and Exposures (CVE) as more information is available," the company said.
