Microsoft Warns of Critical "PrintNightmare" Flaw Being Exploited in the Wild
Microsoft on Thursday officially confirmed that the "PrintNightmare" remote code execution vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw.
"A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," Microsoft said in its advisory.
The acknowledgment comes after researchers from Hong Kong-based cybersecurity company Sangfor published a technical deep-dive of a Print Spooler RCE flaw to GitHub, along with fully working PoC code, before it was taken down just hours after it went up.
CVE-2021-1675, originally classified as an elevation of privilege vulnerability and later revised to RCE, was remediated by Microsoft on June 8, 2021.
The company noted in its advisory that PrintNightmare is distinct from CVE-2021-1675 because the latter resolves a separate vulnerability in RpcAddPrinterDriverEx() and because the attack vector is different.
As workarounds, Microsoft recommends that users disable the Print Spooler service or turn off inbound remote printing through Group Policy.
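The two workarounds above as a PowerShell audit-and-apply script for a single host, added here as an example and not taken from Microsoft's advisory or the original article. The registry value assumed to back the Group Policy setting and the function names Get-SpoolerExposure and Set-SpoolerWorkaround are assumptions of this example; it needs Windows PowerShell 5.1 or later and an elevated session to apply changes.

```powershell
# Added example. Assumption: the "Allow Print Spooler to accept client connections"
# policy is backed by this value (2 = disabled, 1 = enabled, absent = not configured).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    # Read-only: reports which workaround, if any, is in place on this host.
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $policy = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
    $svcOff = ($null -eq $svc) -or ($svc.Status -ne 'Running' -and $svc.StartType -eq 'Disabled')
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        SpoolerStatus         = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        SpoolerStartType      = if ($svc) { [string]$svc.StartType } else { 'n/a' }
        InboundPolicyValue    = $policy
        InboundRemoteDisabled = $policy -eq 2   # effective only after a spooler restart
        WorkaroundApplied     = $svcOff -or ($policy -eq 2)
    }
}

function Set-SpoolerWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('DisableService', 'DisableInboundRemotePrinting')]
        [string]$Mode
    )
    if ($Mode -eq 'DisableService') {
        # Stops all printing on this host, local and remote.
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
            Stop-Service -Name Spooler -Force
            Set-Service -Name Spooler -StartupType Disabled
        }
    } elseif ($PSCmdlet.ShouldProcess($PolicyKey, "Set $PolicyName = 2")) {
        # Local printing keeps working; the host stops accepting remote print clients.
        # Create the key only if missing: New-Item -Force on an existing key clears its values.
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -PropertyType DWord -Force | Out-Null
        Restart-Service -Name Spooler -Force
    }
    Get-SpoolerExposure
}

# Audit first; preview a change with -WhatIf before applying it.
Get-SpoolerExposure | Format-List
# Set-SpoolerWorkaround -Mode DisableInboundRemotePrinting -WhatIf
```

On domain-joined machines a Group Policy Object that configures the same setting overrides a locally written value at the next policy refresh, so fleet-wide rollout belongs in the GPO itself.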
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/0DtR37gKXdI/microsoft-warns-of-critical.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-08 | CVE-2021-1675 | Unspecified vulnerability in Microsoft products Windows Print Spooler Remote Code Execution Vulnerability | 0.0 |