Windows Print Spooler Remote Code Execution Vulnerability (PrintNightmare). A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attack must involve an authenticated user calling RpcAddPrinterDriverEx().
Vulnerable Product |
---|
microsoft windows server 2008 r2 |
microsoft windows server 2012 r2 |
microsoft windows 8.1 - |
microsoft windows server 2008 - |
microsoft windows 7 - |
microsoft windows rt 8.1 - |
microsoft windows server 2012 - |
microsoft windows server 2019 |
microsoft windows server 20h2 |
microsoft windows 10 1809 |
microsoft windows 10 20h2 |
microsoft windows 10 1507 |
microsoft windows 10 1607 |
microsoft windows server 2016 |
microsoft windows server 2022 |
microsoft windows 11 21h2 |
microsoft windows 10 21h2 |
microsoft windows 11 22h2 |
microsoft windows 10 22h2 |
Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem
Posted: 28 Jun, 2022. New malware has links with multiple threat actors, including several high-profile ransomware operations. Bumblebee, a recently developed malware loader, has quickly become a key component in a wide range of cyber-crime attacks and appears to have replaced a number of older loaders, which suggests ...
PrintNightmare? More like Groundhog Day for admins
Microsoft has shared guidance revealing yet another vulnerability connected to its Windows Print Spooler service, saying it is "developing a security update." The latest Print Spooler service vuln has been assigned CVE-2021-34481, and can be exploited to elevate privilege to SYSTEM level via file operations. This can be used by malware already running on a Windows machine or a rogue user to fully compromise a bo The solution? For now, you can only "stop and disable the Print Spooler service," di...
I pity the spool
Any celebrations that Microsoft's out-of-band patch had put a stop to PrintNightmare shenanigans may have been premature. The emergency update turned up yesterday for a variety of Microsoft operating systems; little-used products like Windows Server 2012 and 2016 were excluded from the interim release. While it initially appeared the remote-code execution (RCE) aspect of the security bug had been resolved, the local privilege escalation (LPE) hole remained, judging by the findings of a number of se...
No fixes yet for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012
Microsoft has issued out-of-band patches for the PrintNightmare print spooler bug that lets remote Windows users execute code as system on your domain controller. The bug, designated CVE-2021-34527, is present in all versions of Windows. However, Microsoft’s advisory states: “Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012.” Those are worrying omissions, as the first two versions mentioned are five years old and could well be qu...
That printer plugged into your domain controller? Yeah, you might not be using that for a while
Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as "PrintNightmare" and confirmed that the offending code is lurking in all versions of Windows. The megacorp said it was still investigating whether the vulnerability was exploitable in every version, but domain controllers are indeed affected. Microsoft also confirmed that this nasty was distinct from CVE-2021-1675, which was all about a different attack vector and a different vulnerability in ...
Patch flaws and enforce authentication policies, CISA and FBI warn
State-sponsored threat actors from Russia over the last year breached a non-governmental organization (NGO) by leveraging multifactor authentication (MFA) defaults and exploiting the PrintNightmare vulnerability in Windows Print Spooler. The US Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint alert on March 15 warning organizations that state-backed criminals could use the MFA defaults and flaw to access networks. In this case, the unnamed cybercriminal gang took ad...