The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: PrintNightmare

How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare

How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare

July 08, 2021The Hacker News
This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we reported earlier , Microsoft already released a patch in June 2021, but it wasn't enough to stop exploits. Attackers can still use Print Spooler when connecting remotely. You can find all you need to know about this vulnerability in this article and how you can mitigate it (and you can).  Print Spooler in a nutshell:  Print Spooler is Microsoft's service for managing and monitoring files printing. This service is among Microsoft's oldest and has had minimal maintenance updates since it was released.  Every Microsoft machine (servers and endpoints) has this feature enabled by default. PrintNightmare vulnerability:  As soon as an attacker gains limited user
Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability

July 07, 2021Ravie Lakshmanan
Even as Microsoft  expanded patches  for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems. On Tuesday, the Windows maker issued an  emergency out-of-band update  to address  CVE-2021-34527  (CVSS score: 8.8) after the flaw was accidentally disclosed by researchers from Hong Kong-based cybersecurity firm Sangfor late last month, at which point it emerged that the issue was different from another bug — tracked as  CVE-2021-1675  — that was patched by Microsoft on June 8. "Several days ago, two security vulnerabilities were found in Microsoft Windows' existing printing mechanism," Yaniv Balmas, head of cyber research at Check Point, told The Hack
Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability

Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability

July 06, 2021Ravie Lakshmanan
Microsoft has shipped an  emergency out-of-band security update  to address a critical zero-day vulnerability — known as "PrintNightmare" — that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as  CVE-2021-34527  (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. Last week, the company warned it had detected active exploitation attempts targeting the vulnerability. "The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system," the CERT Coordination Center said of the issue. It's worth noting that PrintNightmare includes both remote code execution and a local privilege escalation vector that can be abused in attacks to run com
Microsoft Warns of Critical "PrintNightmare" Flaw Being Exploited in the Wild

Microsoft Warns of Critical "PrintNightmare" Flaw Being Exploited in the Wild

July 01, 2021Ravie Lakshmanan
Microsoft on Thursday officially confirmed that the " PrintNightmare " remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw. The company is tracking the security weakness under the identifier  CVE-2021-34527 , and has assigned it a severity rating of 8.8 on the CVSS scoring system. All versions of Windows contain the vulnerable code and are susceptible to exploitation. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," Microsoft said in its advisory. "An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user righ
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.