Security News > 2021 > August > Microsoft Confirms (Yet Another) PrintNightmare Flaw as Ransomware Actors Pounce
Microsoft released a pre-patch advisory to confirm the severe new vulnerability after researchers published video of demo exploits on Twitter showing that Redmond's latest PrintNightmare update was again problematic.
To make matters worse, anti-malware vendor CrowdStrike is warning that ransomware actors are already targeting one of the Windows PrintNightmare vulnerabilities to launch data-encrypting extortion attacks in South Korea.
Print Spooler, turned on by default on Microsoft Windows, is an executable file that's responsible for managing all print jobs getting sent to the computer printer or print server.
The issue has been a public embarrassment for Microsoft and suggests deep problems at the once-mighty MSRC. In the midst of Microsoft's hiccups, Crowdstrike is reporting that a known ransomware gang is attempting to exploit a known PrintNightmare flaw to launch data-encryption and extortion attacks.
A blog post from CrowdStike provides a timeline of the PrintNightmare class of bugs and warned that an exploit for one of the flaws - CVE-2021-34527 - have been used to plant ransomware on Windows machines in South Korea.
"The new incident involving Magniber ransomware using the recent PrintNightmare Printer Spooler vulnerability is surprising, but not uncommon considering the impact of the vulnerability. Several POCs have been in circulation since the issue was reported, and it was only a matter of time until adversaries attempted to leverage it to compromise victims and deliver malicious payloads," CrowdStrike noted.
News URL
Related news
- Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft says more ransomware stopped before reaching encryption (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-02 | CVE-2021-34527 | Improper Privilege Management vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 8.8 |