Security News > 2021 > July > Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

A proof-of-concept exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down.

The Windows maker addressed the vulnerability as part of its Patch Tuesday update on June 8, 2021.

"Either the attacker exploits the vulnerability by accessing the target system locally, or remotely; or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability," Microsoft said in its advisory.

Things took a turn when Chinese security firm QiAnXin earlier this week disclosed it was able to find the "Right approaches" to leverage the flaw, thereby demonstrating a successful exploitation to achieve RCE. Although the researchers refrained from sharing additional technical specifics, Hong Kong-based cybersecurity company Sangfor published what's an independent deep-dive of the same vulnerability to GitHub, along with a fully working PoC code, where it remained publicly accessible before it was taken offline a few hours later.

"We deleted the PoC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service," tweeted Sangfor's Principal Security Researcher Zhiniang Peng.

Update - There are now indications that the fix released by Microsoft for the critical remote code execution vulnerability in the Windows Print spooler service in June does not completely remediate the root cause of the bug, according to the CERT Coordination Center, raising the possibility that it's a zero-day flaw in need of a patch.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/RiE4TN0RrSs/researchers-leak-poc-exploit-for.html