Public Windows PrintNightmare 0-day exploit allows domain takeover
Update: Microsoft acknowledged PrintNightmare as a zero-day that has been affecting all Windows versions since before the June 2021 security updates.
Technical details and a proof-of-concept exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that allows remote code execution.
The issue affects Windows Print Spooler and because of the long list of bugs impacting this component over the years [1, 2, 3, 4], the researchers named it PrintNightmare.
Several researchers have tested the leaked PoC exploit on fully patched Windows Server 2019 systems and were able to execute code as SYSTEM.
An accidental leak
Seeing the exploit video, another team of researchers from Chinese security company Sangfor decided to release their technical writeup and a demo exploit for remote code execution, calling the bug PrintNightmare.
One of the researchers who reported CVE-2021-1675 to Microsoft, Yunhai Zhang of NSFOCUS, offered an explanation of why the patch does not stop the PrintNightmare exploit.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-08 | CVE-2021-1675 | Unspecified vulnerability in Microsoft products Windows Print Spooler Remote Code Execution Vulnerability | 7.8 |