9.3
CVSSv2

CVE-2021-1675

Published: 08/06/2021 Updated: 07/07/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Windows Print Spooler Elevation of Privilege Vulnerability

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 10 1607

microsoft windows 10 1809

microsoft windows 10 1909

microsoft windows 10 2004

microsoft windows 7 -

microsoft windows 8.1 -

microsoft windows rt 8.1 -

microsoft windows server 2008 -

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2012 -

microsoft windows server 2019 -

Github Repositories

CVE-2021-1675 - PrintNightmare LPE (PowerShell) Caleb Stewart | John Hammond | June 1, 2021 CVE-2021-1675 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare" Proof-of-concept exploits have been released (Python, C++) for the remote code execution capability, and a C# rendition for local privilege escalation We

CVE-2021-1675 - PrintNightmare LPE (PowerShell) Caleb Stewart | John Hammond | June 1, 2021 CVE-2021-1675 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare" Proof-of-concept exploits have been released (Python, C++) for the remote code execution capability, and a C# rendition for local privilege escalation We

Docker-PrinterNightmare A docker image for the PoC python impacket implementation of CVE-2021-1675 by cube0x0 The python PoC is not mine and is located at githubcom/cube0x0/CVE-2021-1675 Why is this useful? If you already have an existing impacket install and don't want to remove it, you can use this so that the PoC works It runs the authors custom version of im

CVE-2021-1675 - PrintNightmare LPE (PowerShell) Caleb Stewart | John Hammond | June 1, 2021 CVE-2021-1675 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare" Proof-of-concept exploits have been released (Python, C++) for the remote code execution capability, and a C# rendition for local privilege escalation We

Microsoft-CVE-2021-1675 I have created a small C# project that exploits vulnerability CVE-2021-1675 For more information about CVE-2021-1675, please check my blog post: thalpiuscom/2021/07/16/windows-print-spooler-elevation-of-privilege-vulnerability-cve-2021-1675-explained Usage Microsoft CVE-2021-1675 CVE-2021-1675exe /driverpath:c:\\absolete\\path /dll:c:\\absolet

CVE-2021-1675 修改自githubcom/sailay1996/PrintNightmare-LPE,支持远程调用。 1、上传PrintNightmareLPEexe与vlibdll到远程服务器上。 2、本地做好端口转发netsh interface portproxy add v4tov4 listenport=31337 connectaddress=19216884129 connectport=31337 3、本地启动xconsoleexe

PrintNightmare-LPE CVE-2021-1675 (PrintNightmare)

CVE-2021-1675 Impacket implementation of the PrintNightmare PoC originally created by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370) Tested on a fully patched 2019 Domain Controller Execute malicious DLL's remote or locally Installation Before running the exploit you need to install my version of Impacket and after that you're gucci pip3 uninstall

From Lares Labs: Detection & Remediation Information for CVE-2021-1675 This repo contains an EVTX sample of the CVE-2021-1675 attack as well as a minimal Sysmon configuration file that can be used to generate the relevant telemetry Please note that these rules may be circumvented - please patch as appropriate and disable the printer spooler service on domain controller

Windows_Hardening_Project A project to help harden Windows 10 machines through powershell scripts Alot of features are going away in Windows 10 and Windows 11 has a good chance to no longer support wmic and other useful built-in Windows Features Link for referrence docsmicrosoftcom/en-us/windows/deployment/planning/windows-10-deprecated-features#:~:t

CVE-2021-1675-LPE Local Privilege Escalation Edition for CVE-2021-1675

CVE-2021-1675-Mitigation-For-Systems-That-Need-Spooler A temporary mitigation to the CVE-2021-1675 Print Spooler will be disabled during non-business hours The idea is too automatically disabled the 'spooler' service inside of Windows when users will not be onsite or needing a print server This was achived by creating powershell scripts that stop and start the serv

PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service Ten years ago, an escalation of privilege bug in Windows Printer Spooler was used in Stuxnet, which is a notorious worm that destroyed the nuclear enrichment centrifuges of Iran and infected more than 45000 networks In the past ten years, spooler still has an endless stream of vulnerabilities disc

PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service Ten years ago, an escalation of privilege bug in Windows Printer Spooler was used in Stuxnet, which is a notorious worm that destroyed the nuclear enrichment centrifuges of Iran and infected more than 45000 networks In the past ten years, spooler still has an endless stream of vulnerabilities disc

CVE-2021-1675

PrintNightmare-CVE-2021-1675 Youtube : youtube/Zr0KjYDSFKQ

CVE-2021-1675 Fix without disabling Print Spooler Script checks the existance of de CVE-2021-1675 fix from Microsoft and removes members from the "Pre-Windows 2000 Compatible Access" group on the domain

PrintNightmare Driver Checker A tool to disable the spool service to avoid an attack on this one (CVE-2021–1675) The tool also checks if the drivers are signed by Microsoft or not, so you can check their provenance and see if they are suspicious or not

Simple policy to detect CVE-2021-1675 Following functionality are provided by the script :: This zeek package Utilizes pcap and work of : githubcom/LaresLLC/CVE-2021-1675git builds upon the fact that Installation zeek-pkg install zeek/initconf/ or @load Detailed Notes: Detail Alerts and descriptions: Following alerts are generated by the script: Heuristics a

CVE-2021-1675 CVE-2021-1675: ZERO-DAY VULNERABILITY IN WINDOWS PRINTER SERVICE WITH AN EXPLOIT AVAILABLE IN ALL OPERATING SYSTEM VERSIONS

CVE-2021-1675 Impacket implementation of the PrintNightmare PoC originally created by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370) Tested on a fully patched 2019 Domain Controller Execute malicious DLL's remote or locally Installation Before running the exploit you need to install my version of Impacket and after that you're gucci git clone https

CVE-2021-1675-LPE-EXP CVE-2021-1675 Simple LPE Exploit

Invoke-PrinterNightmareCheck Resources for the identification and mitigation of CVE-2021-1675

SpoolSploit A collection of Windows print spooler exploits containerized with other utilities for practical exploitation Summary SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation A couple of highly effective methods would be relaying machine account credentials to escalate privileges and execute malicio

Description win10-presettxt A custom preset file to use with githubcom/Disassembler0/Win10-Initial-Setup-Script/ Todo kali-post-installzsh Add githubcom/cube0x0/CVE-2021-1675 Download and unzip Processhacker Install EyeWitness via apt? Configure Samba readonly and write shares Change /usr/local/bin links to 'python3 /opt/folder/toolpy "$@&qu

PrintNightmareScanner Scanner to detect Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-1675) Prerequisite's python3 python3 -m pip install -r Requirementstxt Usage python3 detectprintnightmarepy --help usage: detectprintnightmarepy [-h] [-t TARGET] [-T TARGETS] [-c CIDR] optional arguments: -h, --help show this help message and exit

CVE-2021-1675-SCANNER Vulnerability Scanner for CVE-2021-1675

PrintNightmare-BB-Payload PrintNightmare Payload for the Hak5 BashBunny Building a quick and dirty condenced verison of githubcom/calebstewart/CVE-2021-1675 for the Hak5 BashBunny

PrintNightmare (CVE-2021-1675) This Zeek script detects successful RpcAddPrinterDriver{,Ex} DCE RPC events, which are required to successfully exploit the vulnerability Tested on exploit PCAPs from Lares Lab Notices Printer_Driver_Changed_Successfully indicates the printer driver was changed successfully References githubcom/LaresLLC/CVE-2021-1675 github

CVE-2021-1675 - PrintNightmare LPE (PowerShell) Caleb Stewart | John Hammond | July 1, 2021 CVE-2021-1675 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare" Proof-of-concept exploits have been released (Python, C++) for the remote code execution capability, and a C# rendition for local privilege escalation We

PrintNightmareCheck This repository contains some manul checks to see if the system is vulnerable to the PrintNightmare vulnerability (CVE-2021-1675, CVE-2021-34527) and also a PowerShell script to automate the process Please note that this is the first PowerShell script I have ever written myself so do not rely on it! Manual checks Check if Print Spooler service is running #

PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) Summary This is a remote code execution vulnerability that can be used to obtain SYSTEM level privileges by an authenticated remote user against Windows machines running the print spooler service An attacker could then use that access to create new accounts, attempt to install programs

CVE-2021-1675 / CVE-2021-34527 Two mini Script to check if the PrintSpooler Serivce is running within the Forest CVE-2021-1675: msrcmicrosoftcom/update-guide/en-US/vulnerability/CVE-2021-1675 CVE-2021-34527 aka PrintNightmare msrcmicrosoftcom/update-guide/vulnerability/CVE-2021-34527 Scripts Detect running Printer Spooler Service on DCs: githubcom/

Invoke-BuildAnonymousSMBServer Use to build an anonymous SMB file server This is useful for testing CVE-2021-1675 and CVE-2021-34527 Test is successful on the following system: Windows 7 Windows 8 Windows 10 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016

CVE-2021-34527_mitigation Mitigation for CVE-2021-34527 via settings WRITE ACLs - Setting Modify Deny ACLs can cause other issues and is not recommended These scripts are both to add and remove CVE-2021-34527(PrintNightmare) ACL mitigations that I wrote with assistance from /u/AforAnonymous from the reddit thread by Huntress in /r/MSP I've personally tested this using a

Chainlink Python External Adapter for NVD Impact Score and vulnerability description This repository implemented chanlink external adapter for getting impact score and vulnerability description from Nation vulnerability database It is coded by Python and chainlink official template Install pip3 install -r requirementstxt Run locally: python3 apppy open another terminel : c

PowerSharpPack Many usefull offensive CSharp Projects wraped into Powershell for easy usage Why? In my personal opinion offensive Powershell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features Any of these mechanisms can be bypassed Since most new innovative offensive security projects are written in C# I decided to make

CVE-2021-1675 / CVE-2021-34527 Impacket implementation of the PrintNightmare PoC originally created by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370) Tested on a fully patched 2019 Domain Controller Execute malicious DLL's remote or locally Installation Before running the exploit you need to install my version of Impacket and after that you're gucc

Test if you are still vulnerable to PrintNightmare's privesc after patching PrintNightmare (CVE-2021-1675 / CVE 2021 34527) is an exploit that takes advantage of the AddPrintDriver function of the Spooler to arbitrarily execute files with high-privs There is some confusion if the round of patches released by Microsoft on 6th July 2021 It seems the RCE portion of the expl

Arsenals This is my personal safe for arsenals Feel free to refer and use at anytime You can also refer to this arsenals for any extra commands (Ctrl+f will definitely help) Disclaimer: Do not use this command for illegal use Any action you take upon the information on this repo is strictly at your own risk ACLs/ACEs permissions Enumeration Domain Enumeration Forest Trust

CVE-2021-1675 CVE-2021-1675 exploit 漏洞利用马上上传

介绍 参考各位大佬写的关于CS的脚本,内容有横向移动、密码抓取、权限提升、权限维持等,尽可能将内网渗透中常用到的东西整理一下,方便使用 更新日志 202177 更新CVE-2021-1675(只测试了本地提权,其他的待测) 参考于 githubcom/cube0x0/CVE-2021-1675

CVE-2021-1675 Impacket implementation of the PrintNightmare PoC originally created by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370) Tested on a fully patched 2019 Domain Controller Execute malicious DLL's remote or locally Installation Before running the exploit you need to install my version of Impacket and after that you're gucci pip3 uninstall

Forensics This repository is including Incident Response and Threat hunting scripts Triage_v11-PrintNightmareps1 ###DFIR_CVE-2021-1675 This script is reconfigured regarding to CVE-2021-1675 vulnerability It is extracting the standard triage information and IoCs of this vulnerability ###DFIR_Windows_Server/Workstation_Triage_PowerShell### The script will extract triage inf

Invoke-PrinterNightmareCheck Resources for the identification and mitigation of CVE-2021-1675

printnightmare This is a group of Powershell scripts I used to block the printnightmare vulnerability spooler-stop-disable-printnightmareps1 The first script stops and disables the print spooler service This should be run on member servers Can be used remotely by running the following PS command: PS> Invoke-Command -FilePath \spooler-stop-disable-printnightmareps1

The bug (CVE-2021-1675) exists in the Windows Print Spooler and has been dubbed “PrintNightmare” by researchers It was originally addressed in June’s Patch Tuesday updates from Microsoft as a minor elevation-of-privilege vulnerability, but the listing was updated last week after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for

〖EXP〗Ladon打印机漏洞提权CVE-2021-1675复现 k8gegeorg/p/CVE-2021-1675html 基本情况 6月9日,微软发布6月安全更新补丁,修复了50个安全漏洞,其中包括一个Windows Print Spooler权限提升漏洞,漏洞CVE编号:CVE-2021-1675。未经身份验证的远程攻击者可利用该漏洞以SYSTEM权限在域控制器上执行任意代

SharpKatz Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands Usage Ekeys SharpKatzexe --Command ekeys list Kerberos encryption keys Msv SharpKatzexe --Command msv Retrive user credentials from Msv provider Kerberos SharpKatzexe --Command kerberos Retrive user credentials from Kerberos provider Tspkg SharpKatzexe --Command tspk

CVE-2021-34527 - PrintNightmare LPE (PowerShell) Caleb Stewart | John Hammond | June 1, 2021 UPDATE June 2 2021: Microsoft has released an advisory on CVE-2021-34527, correctly terming that specific identifier as the PrintNightmare vulnerability exploit Previously, the community was assuming CVE-2021-1675 "was PrintNightmare" as the June 8 path did not resolve th

ZeroLogon - dirkjanm CVE-2020-1472 static binaries Description This repository contains static standalone binaries for Windows and Linux (both x64) for the following Python tools: dirkjanm's CVE-2020-1472 Python scripts cve-2020-1472-exploitpy and restorepasswordpy cube0x0's CVE-2021-1675 Python script CVE-2021-1675py The build process is heavily based on work

microsoft-vulnerabilidades Vulnerabilidade de execução remota de código do Spooler de Impressão do Windows CVE-2021-34527 fonte: msrcmicrosoftcom/update-guide/vulnerability/CVE-2021-34527 Vulnerabilidade de Segurança Lançado: 01/07/2021 Last updated: 15 de jul de 2021 Assigning CNA: Microsoft MITRE CVE-2021-34527 CVSS:30 88

PrintNightmare How to disable the Print Spooler service ? CMD Shell net start | findstr -i "spooler" net stop spooler REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start " /t REG_DWORD /d "4" /f PowerShell Get-Service -Name Spooler Stop-Service -Name Spooler -Force Set-Service -Name Spooler -StartupType Disabled Service Con

PrintNightmare- Information on the Windows Spooler vulnerability - CVE-2021-1675; CVE 2021 34527

CVE-2021-1675 / CVE-2021-34527 Impacket implementation of the PrintNightmare PoC originally created by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370) Tested on a fully patched 2019 Domain Controller Execute malicious DLL's remote or locally Installation Before running the exploit you need to install my version of Impacket and after that you're gucc

OffensivePythonPipeline This repository contains the following static standalone binaries of Python offensive tools: Tool Operating System(s) Binary output(s) CrackMapExec Linux / Windows x64 crackmapexec_linux crackmapexec_windowsexe dirkjanm's CVE-2020-1472 (ZeroLogon) Linux / Windows x64 cve-2020-1472-exploit_linux restorepassword_linux cve-2020-1472-exploi

CVE-2021-34527 - PrintNightmare LPE (PowerShell) Caleb Stewart | John Hammond | June 1, 2021 UPDATE June 2 2021: Microsoft has released an advisory on CVE-2021-34527, correctly terming that specific identifier as the PrintNightmare vulnerability exploit Previously, the community was assuming CVE-2021-1675 "was PrintNightmare" as the June 8 path did not resolve th

CVE-2021-34527 - PrintNightmare LPE (PowerShell) Jennofrie | June 1, 2021 UPDATE June 2 2021: Microsoft has released an advisory on CVE-2021-34527, correctly terming that specific identifier as the PrintNightmare vulnerability exploit Previously, the community was assuming CVE-2021-1675 "was PrintNightmare" as the June 8 path did not resolve this issue This repo

Microsoft Wont-Fix-List A list of vulnerabilities or design flaws Microsoft does not intend to fix Since the number is growing, I decided to make a list LPE = Local Privilege Escalation DPE = Domain-wide Privilege Escalation RCE = Remote Code Execution Vulnerability CVE Attack Type It's NTLM again, right? How it works in a nutshell SpoolSample works as designed

CVE-POC 2021 CVE-2021-1675 CVE-2021-1675- Impacket implementation of the PrintNightmare PoC cube0x0/CVE-2021-1675 CVE-2021-21315 CVE-2021-21315 - NodeJS OS sanitize service Parameters Command Injection ForbiddenProgrammer/CVE-2021-21315-PoC Twitter/@wugeej CVE-2021-21972 CVE-2021-21972 - vCenter Server RCE GuayoyoCyber/CVE-2021-21972 Twitter/@wugeej CVE-2021-21975

AFINE Team contribution Conferences Date Topic Details 11/09/2020 Współczesna infrastruktura Red Teamowa, Łukasz Mikuła, Piotr Madej, Security Case Study Link 27/02/2020 Phishing - jak malware trafia do Twojej organizacji Link 29/01/2020 O pracy pentestera Link 14/12/2019 COM to me, baby Łukasz Mikuła, WTH Conference Link 14/12/2019 Logiczne p

Recent Articles

Microsoft: New Unpatched Bug in Windows Print Spooler
Threatpost • Elizabeth Montalbano • 16 Jul 2021

Microsoft has warned of yet another vulnerability that’s been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system. The advisory comes on the heels of patching two other remote code-execution (RCE) bugs found in the print service that collectively became known as PrintNightmare.
The company released the advisory late Thursday for the latest bug, a Windows Print Spooler elevation-of-privilege vulnerability tracked as CV...

You'll want to shut down the Windows Print Spooler service (yes, again): Another privilege escalation bug found
The Register • Richard Speed • 16 Jul 2021

PrintNightmare? More like Groundhog Day for admins

Microsoft has shared guidance revealing yet another vulnerability connected to its Windows Print Spooler service, saying it is "developing a security update."
The latest Print Spooler service vuln has been assigned CVE-2021-34481, and can be exploited to elevate privilege to SYSTEM level via file operations.
This can be used by malware already running on a Windows machine or a rogue user to fully compromise a bo
The solution? For now, you can only "stop and disable the Print Sp...

Microsoft issues patch to fix PrintNightmare zero‑day bug
welivesecurity • 08 Jul 2021

Microsoft on Wednesday released an emergency update to plug a vulnerability in  the Windows Print Spooler service that is being actively exploited in the wild. Dubbed PrintNightmare, the zero-day security flaw affects all versions of the Microsoft Windows operating system going back as far as Windows 7.
Indexed as CVE-2021-34527, the remote-code execution bug is ranked high in severity and holds a score of 8.2 of 10 on the Common Vulnerability Scoring System (CVSS) scale. The security loo...

CISA Offers New Mitigation for PrintNightmare Bug
Threatpost • Elizabeth Montalbano • 02 Jul 2021

The U.S. government has stepped in to offer a mitigation for a critical remote code execution (RCE) vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft’s initial effort to fix it.
To mitigate the bug, dubbed PrintNightmare, the CERT Coordination Center (CERT/CC) has released a VulNote for CVE-2021-1675 urging system administrations to disable the Windows Print Spooler service in Domain Controllers and systems that do not print, the Cyberse...

The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows
The Register • Richard Speed • 02 Jul 2021

That printer plugged into your domain controller? Yeah, you might not be using that for a while

Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as "PrintNightmare" and confirmed that the offending code is lurking in all versions of Windows.
The megacorp said it was still investigating whether the vulnerability was exploitable in every version, but domain controllers are indeed affected.
Microsoft also confirmed that this nasty was distinct from CVE-2021-1675, which was all about a different attack vector and a different vulne...

Microsoft shares mitigations for Windows PrintNightmare zero-day bug
BleepingComputer • Sergiu Gatlan • 02 Jul 2021

Microsoft has provided mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare.
This remote code execution (RCE) bug—now tracked as CVE-2021-34527—impacts all versions of Windows per Microsoft, with the company still investigating if the vulnerability is exploitable on all of them.
CVE-2021-34527 allows 
 via remote code execution with SYSTEM privileges as it enables them ...

PrintNightmare: Kicking users from Pre-Windows 2000 legacy group may thwart domain controller exploitation
The Register • Gareth Corfield • 01 Jul 2021

While Uncle Sam recommends shutting down print spooler service

Another potential mitigation has emerged for the PrintNightmare zero-day vuln, which lets low-privileged users execute code as SYSTEM on Windows domain controllers: remove those people from a backwards-compatibility group.
The zero-day hole came to light earlier this week after an infosec research firm mistakenly published proof-of-concept exploit code for a remote-code execution (RCE) vuln it had nicknamed PrintNightmare. Sangfor Technologies published the exploit for the vulnerability af...

CISA: Disable Windows Print Spooler on servers not used for printing
BleepingComputer • Sergiu Gatlan • 01 Jul 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers
.
"CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print," the US federal agency
.
"Additionally, administrators should employ the following best practice from Microsoft's how-t...

PoC Exploit Circulating for Critical Windows Print Spooler Bug
Threatpost • Tara Seals • 30 Jun 2021

UPDATE
A proof-of-concept for a critical Windows security vulnerability that allows remote code execution (RCE) was dropped on GitHub on Tuesday – and while it was taken back down within a few hours, the code was copied and is still out there circulating on the platform.
The bug (CVE-2021-1675) exists in the Windows Print Spooler and has been dubbed “PrintNightmare” by researchers. It was originally addressed in June’s Patch Tuesday updates from Microsoft as a minor elevation...

Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller
The Register • Gareth Corfield • 30 Jun 2021

Kill this service immediately

An infosec firm accidentally published proof-of-concept code for a critical Windows print spooler remote code execution vuln that could lead to compromise of Active Directory domain controllers.
The exploit, initially tracked as CVE-2021-1675, allows a low-privileged remote attacker to execute code on a target system. Initially Microsoft classified it as a privilege escalation flaw in June's Patch Tuesday run of Windows updates – but on 21 June that classification was upped to describe i...

Public Windows PrintNightmare 0-day exploit allows domain takeover
BleepingComputer • Ionut Ilascu • 30 Jun 2021

Technical details and a proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that allows remote code execution.
Despite the need for authentication, the severity of the issue is critical as threat actors can use it to take over a Windows domain server to easily deploy malware across a company’s network.
The issue affects Windows Print Spooler and because of the long list of bugs impacting this component over the years [