Windows Admins Scrambling to Contain 'PrintNightmare' Flaw Exposure
2021-06-30 14:08

Windows network administrators are scrambling to contain the fallout from the release of proof-of-concept code for a nasty Windows Print Spooler vulnerability that exposes Windows servers to remote code execution attacks.

Multiple threat hunters are reporting that published demo exploit code provides a code execution path on fully patched Windows servers, meaning that Microsoft's June patch may have missed the mark.

"Fully patched Windows 2019 domain controller, popped with 0day exploit from a regular Domain User's account giving full SYSTEM privileges. Disable "Print Spooler" service on servers that do not require it," according to one researcher tracking the issue.

Multiple threat hunters spoke to SecurityWeek on background to warn that applying Microsoft's June fix does not protect some fully patched Windows servers, including 2012R2, 2016, and 2019.

At the same time, the Black Hat conference announced the acceptance of a presentation on the details of the vulnerability by researchers at Sangfor, a Chinese security vendor that promptly released proof-of-concept code and a full technical write-up that showed a path to remote code execution.

Will Dormann, a Vulnerability Analyst at the CERT/CC, called on Microsoft Windows admins to treat this as a very important issue to mitigate.


News URL

http://feedproxy.google.com/~r/securityweek/~3/IsQMasJIps8/windows-admins-scrambling-contain-printnightmare-flaw-exposure