CISA Offers New Mitigation for PrintNightmare Bug
2021-07-02 12:21

The U.S. government has stepped in to offer a mitigation for a critical remote code execution vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft's initial effort to fix it.

In the meantime, Microsoft Thursday put out a new advisory of its own on PrintNightmare that assigns a new CVE and seems to suggest a new attack vector while attempting to clarify confusion that has arisen over it.

While the company originally addressed CVE-2021-1675 in June's Patch Tuesday updates as a minor elevation-of-privilege vulnerability, the listing was updated last week after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE. However, it soon became clear to many experts that the patch appears to fail against the RCE aspect of the bug, hence CISA's offer of another mitigation and Microsoft's update.

Regarding the latter, the company dropped a notice Thursday for a bug called "Windows Print Spooler Remote Code Execution Vulnerability" that appears to be the same vulnerability, but with a different CVE number, in this case CVE-2021-34527.

"An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

In retrospect, one security researcher noted to Threatpost when news of PrintNightmare surfaced Tuesday that it was "curious" that the CVE for the original vulnerability was "-1675," observing that "most of the CVEs Microsoft patched in June are -31000 and higher."


News URL

https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2021-34527 | Improper Privilege Management vulnerability in Microsoft products. A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | network, low complexity, microsoft, CWE-269, 8.8 |
| 2021-06-08 | CVE-2021-1675 | Unspecified vulnerability in Microsoft products. Windows Print Spooler Remote Code Execution Vulnerability | local, low complexity, microsoft, 7.8 |