Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller
An infosec firm accidentally published a proof-of-concept exploit for a critical Windows print spooler vulnerability that can be abused by rogue users to compromise Active Directory domain controllers.
This security hole could be exploited by a normal user to execute code as an administrator on a system running the print spooler service.
PrintNightmare can be exploited by a malicious or compromised authenticated user to execute code at the SYSTEM level on a remote domain controller via the vulnerable Windows Print Spooler service running on that box.
Any Windows installation running the vulnerable print spooler service may potentially be at risk; domain controllers are a more valuable target, however.
"Fully patched Windows 2019 domain controller, popped with 0day exploit from a regular Domain User's account giving full SYSTEM privileges."
He added: "It works from any domain user to exploit any network server using the print spooler service, which is enabled by default on domain controllers."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/
Related news
- OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
- Iranian hackers now exploit Windows flaw to elevate privileges
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
- Exploit released for new Windows Server "WinReg" NTLM Relay attack