Public Windows PrintNightmare 0-day exploit allows domain takeover
Update: Microsoft acknowledged PrintNightmare as a zero-day that has been affecting all Windows versions since before the June 2021 security updates.
Technical details and a proof-of-concept exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that allows remote code execution.
The issue affects Windows Print Spooler and, because of the long list of bugs impacting this component over the years [1, 2, 3, 4], the researchers named it PrintNightmare.
Several researchers have tested the leaked PoC exploit on fully patched Windows Server 2019 systems and were able to execute code as SYSTEM.
An accidental leak
After seeing the exploit video, another team of researchers from Chinese security company Sangfor decided to release their technical writeup and a demo exploit for remote code execution, calling the bug PrintNightmare.
One of the researchers who reported CVE-2021-1675 to Microsoft, Yunhai Zhang of NSFOCUS, offered an explanation of why the patch does not stop the PrintNightmare exploit.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-08 | CVE-2021-1675 | Unspecified vulnerability in Microsoft products Windows Print Spooler Remote Code Execution Vulnerability | 0.0 |