PoC Exploit Circulating for Critical Windows Print Spooler Bug
UPDATE. A proof-of-concept for a critical Windows security vulnerability that allows remote code execution was dropped on GitHub on Tuesday - and while it was taken back down within a few hours, the code was copied and is still out there circulating on the platform.
The bug exists in the Windows Print Spooler and has been dubbed "PrintNightmare" by researchers.
"To exploit the remote code-execution portion of the vulnerability, it is required to have a user authenticate to the Spooler service on the target system. Considering it is common to have the Spooler service enabled on most Windows systems in a standard domain environment, this vulnerability is very dangerous and can allow an attacker to easily gain remote code execution through the Windows environment with a single set of credentials."
The team at Sangfor said in their GitHub posting that in the domain controller environment, the Print Spooler service is normally enabled, so the compromise of any DC user could likely result in RCE.
More Print Spooler Bugs and Exploits Coming Soon
"Windows Print Spooler has a long history of vulnerabilities and its ubiquity can allow for serious impact on targets," Tillis noted in the Tenable writeup on Tuesday.
"Most notably, Print Spooler vulnerabilities were tied to the Stuxnet attacks over a decade ago. More recently, CVE-2020-1337 was a zero-day in print spooler disclosed at last year's Black Hat and DEF CON events, which happened to be a patch bypass for CVE-2020-1048, another Windows Print Spooler vulnerability that was patched in May 2020."
News URL
https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1337 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products. An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. | 7.8 |
| 2020-05-21 | CVE-2020-1048 | Incorrect Resource Transfer Between Spheres vulnerability in Microsoft products. An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. | 7.8 |