Security News > 2021 > August > Microsoft Confirms (Yet Another) PrintNightmare Flaw as Ransomware Actors Pounce

Microsoft Confirms (Yet Another) PrintNightmare Flaw as Ransomware Actors Pounce
2021-08-12 15:53

Microsoft released a pre-patch advisory to confirm the severe new vulnerability after researchers published video of demo exploits on Twitter showing that Redmond's latest PrintNightmare update was again problematic.

To make matters worse, anti-malware vendor CrowdStrike is warning that ransomware actors are already targeting one of the Windows PrintNightmare vulnerabilities to launch data-encrypting extortion attacks in South Korea.

Print Spooler, turned on by default on Microsoft Windows, is an executable file that's responsible for managing all print jobs getting sent to the computer printer or print server.

The issue has been a public embarrassment for Microsoft and suggests deep problems at the once-mighty MSRC. In the midst of Microsoft's hiccups, Crowdstrike is reporting that a known ransomware gang is attempting to exploit a known PrintNightmare flaw to launch data-encryption and extortion attacks.

A blog post from CrowdStike provides a timeline of the PrintNightmare class of bugs and warned that an exploit for one of the flaws - CVE-2021-34527 - have been used to plant ransomware on Windows machines in South Korea.

"The new incident involving Magniber ransomware using the recent PrintNightmare Printer Spooler vulnerability is surprising, but not uncommon considering the impact of the vulnerability. Several POCs have been in circulation since the issue was reported, and it was only a matter of time until adversaries attempted to leverage it to compromise victims and deliver malicious payloads," CrowdStrike noted.


News URL

http://feedproxy.google.com/~r/securityweek/~3/bI_LRLaP98g/microsoft-confirms-yet-another-printnightmare-flaw-ransomware-actors-pounce

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-07-02 CVE-2021-34527 Improper Privilege Management vulnerability in Microsoft products
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.
network
low complexity
microsoft CWE-269
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774