PrintNightmare zero-day leaves Windows servers vulnerable to attack
Chinese security researchers have accidentally disclosed a new Windows zero-day dubbed “PrintNightmare” that can be exploited to achieve both remote code execution and local privilege escalation.
The researchers, from Shenzhen-based Sangfor Technologies, released a proof-of-concept exploit for a critical vulnerability in the built-in Windows service Print Spooler as they thought it had already been patched by Microsoft.
As it turns out, Microsoft released a patch for this vulnerability (tracked as CVE-2021-1675) at the beginning of June, though at the time it was considered to be low severity.
In mid-June, though, PrintNightmare was upgraded to a critical severity vulnerability after it was discovered that it could be exploited to achieve remote code execution. To make matters worse, Microsoft’s patch at the beginning of the month did not successfully resolve the issue.
PrintNightmare
PrintNightmare affects Print Spooler, a service that is enabled by default on all Windows machines and is used to manage printers or print servers.
Until Microsoft issues a patch to fix this zero-day, an attacker could remotely execute code on a vulnerable system to elevate a low-privileged user account to that of an administrator with system-level rights. Doing so would give them full access to a domain controller, and from there they could take over a whole domain.
According to a new blog post from the cybersecurity company Huntress, PrintNightmare is a severe security flaw that affects a large number of Windows servers. Multiple proof-of-concepts have now been released in Python and C++ and the firm’s researchers have confirmed that this vulnerability is trivial to exploit.
While disabling Print Spooler will protect organizations from the PrintNightmare zero-day, doing so means they will be unable to print. The cybersecurity consulting firm TrueSec has devised another fix that doesn’t require Print Spooler to be disabled. In a separate blog post, its researchers explain that restricting the access control lists (ACLs) on the directory that the exploit uses to drop malicious DLLs can help organizations protect themselves from any potential attacks leveraging the PrintNightmare zero-day.
As PrintNightmare poses a serious risk to organizations running Windows systems, expect Microsoft to issue a patch soon, possibly even before the company’s next Patch Tuesday.
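The two mitigations described above can be scripted as follows. This is an added example for Windows PowerShell 5.1, not code from the Huntress or TrueSec posts. The `-KeepPrinting` switch is hypothetical, and the driver directory is an assumption: the article does not name the directory, so the default Windows spooler driver location is used.

```powershell
#Requires -RunAsAdministrator
# Added example for Windows PowerShell 5.1; not code from Huntress or TrueSec.
param(
    [switch]$KeepPrinting,  # hypothetical switch: set on hosts that must keep printing
    # Assumption: the default spooler driver directory is the one to protect.
    [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\spool\drivers')
)

$spooler = Get-Service -Name Spooler
Write-Output "Spooler: status=$($spooler.Status) startup=$($spooler.StartType)"

if (-not $KeepPrinting) {
    # Option 1: stop and disable Print Spooler. The host can no longer print.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Write-Output 'Print Spooler stopped and disabled.'
    return
}

# Option 2: leave the service running but deny SYSTEM, the account the spooler
# runs as, the right to modify the driver directory and everything below it.
$system = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $system, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Deny'

# Read only the access section so Set-Acl does not try to rewrite the owner.
$acl = (Get-Item -LiteralPath $DriverDir).GetAccessControl('Access')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $DriverDir -AclObject $acl

# Verify: look for an explicit deny entry for SYSTEM on the directory.
$deny = (Get-Acl -LiteralPath $DriverDir).GetAccessRules(
    $true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.AccessControlType -eq 'Deny' -and
                   $_.IdentityReference.Value -eq $system.Value }
if (-not $deny) { throw "Deny entry missing on $DriverDir" }
Write-Output "Deny entry applied to $DriverDir."

# Rollback: the deny entry also blocks legitimate driver installs, so remove it
# again once a working patch is installed:
#   $acl.RemoveAccessRule($rule) | Out-Null
#   Set-Acl -LiteralPath $DriverDir -AclObject $acl
```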