Microsoft: Windows PrintNightmare vulnerability is being actively exploited
Microsoft has issued an urgent warning about a Windows vulnerability, known as “PrintNightmare,” which can allow hackers to run code on your PC. The exploit relies on flaws in the Windows Print Spooler service, and Microsoft says it is already aware of active exploitation in the wild.
PrintNightmare, or CVE-2021-34527 as Microsoft has designated it, is still being assessed, with the company describing it as a “developing situation.” Security researchers at Sangfor identified the vulnerability and published a proof-of-concept exploit, apparently assuming that a separate patch had already resolved the problem.
In fact, Microsoft had patched a different vulnerability, one that also relies on bugs in the print service, and the similarities appear to have confused the researchers. The security team then took down their exploit code, but by that time the genie was out of the bottle.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ
— zhiniang peng (@edwardzpeng) June 29, 2021
“A remote code execution vulnerability exists when the Windows Print Spooler service does not properly carry out special file operations,” Microsoft explained. “An attacker who manages to exploit this vulnerability can run arbitrary code with SYSTEM privileges. An attacker can then install programs; view, change, or delete data; or create new accounts with full user rights.”
Unfortunately, there is still no definitive patch to install. Instead, Microsoft’s advice is to make sure your system has the security updates released on June 8, 2021, and to follow the workaround guidance for now.
The workarounds are either disabling the Print Spooler service altogether, or disabling inbound remote printing through a change to the system's Group Policy. Neither, honestly, is an ideal or long-term fix. By turning off the Print Spooler service altogether, you inadvertently lose the ability to print both locally and remotely; changing the Group Policy to block inbound remote printing means local printing still works, but the system no longer functions as a print server.
However, the headache may be worth it, given the scale of the potential vulnerability. With full system privileges, hackers can use their access to run code or remove programs, do pretty much whatever they want with data, and create new accounts that also have full user rights on the system. In the process, they could easily lock the user out.
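
The two workarounds described above can be audited on a host with a short PowerShell check. This is an added example, not code from the article or from Microsoft; the function names are hypothetical, and it assumes the Group Policy setting for inbound remote printing is stored as the registry value RegisterSpoolerRemoteRpcEndPoint (2 = disabled).

```powershell
# Added example (not from the article): report which PrintNightmare workaround,
# if any, is in place on the local machine. Get-SpoolerExposure is read-only.
# Assumption: the "Allow Print Spooler to accept client connections" policy is
# backed by RegisterSpoolerRemoteRpcEndPoint (1 = enabled, 2 = disabled).

function Get-SpoolerExposure {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" -ErrorAction SilentlyContinue
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

    # Workaround 1: service stopped AND prevented from starting again.
    # A stopped service left on Auto or Manual can start again, so it does not count.
    $disabled = (-not $svc) -or ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled')

    # Workaround 2: inbound remote printing blocked by policy, local printing kept.
    $remoteBlocked = ($val -eq 2)

    $exposure = if ($disabled) {
        'SpoolerDisabled'                 # no local or remote printing
    } elseif ($remoteBlocked) {
        'InboundRemotePrintingBlocked'    # prints locally, no longer a print server
    } else {
        'AcceptsRemoteConnections'        # neither workaround applied
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceState      = $svc.State
        StartMode         = $svc.StartMode
        RemotePolicyValue = $val
        Exposure          = $exposure
    }
}

# Workaround 1 as a guarded action: run with -WhatIf first to preview the change.
function Disable-Spooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable (all printing stops)')) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
}

Get-SpoolerExposure | Format-List
```

A host that reports InboundRemotePrintingBlocked while the spooler has not been restarted since the policy was applied should be rechecked after a service restart.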