Articles CVE-2021-34527 : PrintNightmare Vulnerability, Exploit and Remediation

CVE-2021-34527 : PrintNightmare Vulnerability, Exploit and Remediation

-

Vulnerability

A PoC exploit for a dangerous vulnerability in Windows Print Spooler (spoolsv.exe) has been published online. This bug has ID CVE-2021-1675  or is named PrintNightmare. It was patched by Microsoft just a couple of weeks ago as part of June’s Patch Tuesday.

Windows Print Spooler Service is a universal interface between OS, applications, and local or network printers, allowing application developers to submit print jobs. This service has been included with Windows since the 90s and is notorious for its sheer number of related issues. In particular, vulnerabilities such as PrintDemon , FaxHell , Evil Printer , CVE-2020-1337 and even a number of 0-day bugs were associated with Windows Print Spooler , which were used in Stuxnet attacks .

The newest problem CVE-2021-1675 was discovered by experts from Tencent Security, AFINE and NSFOCUS earlier this year. The bug was originally classified as a low-level privilege escalation vulnerability that could allow attackers to gain administrator rights. However, Microsoft updated the bug description last week to report that the issue is fraught with remote arbitrary code execution.

Previously, practically nothing was known about CVE-2021-1675, since experts did not publish technical descriptions of the problem or exploits for it. But last week, the Chinese company QiAnXin showed a GIF file where it demonstrated the operation of its exploit for CVE-2021-1675. At the same time, the company did not publish any technical details and the exploit itself, in order to give users more time to install patches.

Exploit POC (Proof of Concept)

Exploit POC V2 (Proof of Concept)

Remediation

CVE-2021-1675 was patched as part of Microsoft’s Patch Tuesday release on June 8, 2021. However, the CERT/CC issued Vulnerability Note VU#383432 late on June 30 indicating that the original patch does not fix the flaws illustrated in the PoCs.

In the CVE-2021-34527 advisory released on July 1, Microsoft offers two mitigation options that can be used until a patch is released. Both of the migitations will affect printing operations so organizations should take care to ensure they understand what business operations could be impacted. The advisory still stresses the importance of applying the June patch to address CVE-2021-1675 and clarifies that CVE-2021-34527 is a separate vulnerability with a different attack vector.

In addition, the Cybersecurity & Infrastructure Security Agency (CISA) released an alert about PrintNighmare recommending administrators to follow Microsoft’s best practices from a how-to guide on Windows Print spooler service in Domain Controllers for those that are unable to disable the service in domain controllers and systems that do not need the ability to print.

Vulnerabilities like this are most likely to be used in targeted attacks, but all users and organizations are encouraged to patch quickly.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you