Recently, a number of general-purpose computers running Microsoft Windows 7/8/8.1 since Service Pack 1 (SP1) have been found to have an exploitable vulnerability in Windows PrintClient that allows attackers to execute arbitrary code in kernel mode. This vulnerability is being actively exploited on the internet.
The zero-day Windows PrintNightmare vulnerability is being actively exploited by the AppSec360.
Last week, a researcher by the name of “Sameer” disclosed details of a serious vulnerability that is being actively exploited by an attacker. The vulnerability, called OSINT2017-026, affects all desktop versions of Windows and can be exploited in many different ways.
Earlier this week, a vulnerability was discovered in Windows related to the Windows Print Spooler service, under the name PrintNightmare. The vulnerability was discovered after security researchers at Sangfor accidentally released a proof of concept exploit, which appears to be an error or lack of communication between the researchers and Microsoft.
The vulnerability, identified as CVE-2021-34527, allows an attacker to remotely execute code with system-level privileges. As you can guess, Windows is as bad as it gets. Microsoft has already started warning users about the unpatched vulnerability.
Although the test code was quickly removed from GitHub, there was already a fork of it. This means that code to exploit an unpatched Windows vulnerability can be found on the Internet, and that’s pretty scary.
We removed the POC from PrintNightmare. To fix this vulnerability, update Windows to the latest version or disable the Spooler service. To learn more about RCE and LPE in Spooler, stay tuned for our Blackhat Talk. https://t.co/heHeiTCsbQ
– zhiniang peng (@edwardzpeng) 29. June 2021
It took a few days for Microsoft to come to its senses and finally issue a warning about the 0-day problem. According to BleepingComputer, the company has begun warning its customers that the vulnerability is being actively exploited. Because code can be executed remotely, threat actors can install programs, change data, and even create new accounts with administrator privileges.
Microsoft 365 Defender users can also view the threat report we published on this vulnerability. The report includes technical details, mitigation recommendations, and comprehensive hunting regulations, published here: https://t.co/tBunCJgn6W.
– Microsoft Security Intelligence (@MsftSecIntel) 2. July 2021
While the company has not yet released any patches or updates to address this issue, there are steps users can take to protect themselves.
The options basically boil down to disabling the Windows Print Spooler service or disabling incoming remote printing via the Group Policy Editor to eliminate the remote attack vector. In this case, the device does not function as a print server, but you can still print locally from a device connected to your PC.
In a separate post from BleepingComputer, CISA also published an advisory on the PrintNightmare vulnerability, asking system administrators to disable the Print Spooler service on Windows servers that are not used for printing.
Affected users can run the following two commands in Windows PowerShell to disable the Print Spooler service if necessary.
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
Users can also disable incoming remote printing through the Group Policy Editor by going to Computer Configuration/Administrative Templates/Printers and disabling the "Allow Print Spooler to accept client connections" policy.
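To check which of the two mitigations above is actually in effect on a machine, the following added example (not code from the article or from Microsoft) reports the Spooler service state and the remote-printing policy, and wraps the two commands above in a function that supports -WhatIf. The function names are hypothetical, and the registry value the policy writes (RegisterSpoolerRemoteRpcEndPoint, 2 = refuse client connections) is not named in the article. The Spooler service has to be restarted before a policy change takes effect.

```powershell
# Added example: audit the PrintNightmare mitigations described in the article.
function Get-SpoolerExposure {
    # Win32_Service exposes both the running state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # Assumption (not in the article): the "Allow Print Spooler to accept client
    # connections" policy is stored here; 1 = accept, 2 = refuse, absent = not configured.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

    $assessment = if (-not $svc) {
        'NoSpoolerService'
    } elseif ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled') {
        'ServiceDisabled'            # no printing at all, local or remote
    } elseif ($val -eq 2) {
        'RemotePrintingBlocked'      # local printing still works
    } else {
        'Exposed'                    # spooler can run and accepts client connections
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        ServiceState = $svc.State
        StartMode    = $svc.StartMode
        RemotePolicy = if ($null -eq $val) { 'NotConfigured' } else { $val }
        Assessment   = $assessment
    }
}

function Disable-Spooler {
    # The two commands from the article, with -WhatIf / -Confirm support.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable the Print Spooler service')) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
}

Get-SpoolerExposure | Format-List
# Disable-Spooler -WhatIf   # preview first; run without -WhatIf on servers not used for printing
```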
Someone who writes, edits, films, presents technology programs and races virtual machines in their spare time. You can contact Yadullah at [email protected] or follow him on Instagram or Twitter.

“Windows PrintNightmare” is an unpatched Windows vulnerability that allows an attacker to remotely execute code on a vulnerable system as a result of a print job. This vulnerability is not something new; it was released in the first public disclosure of the MS08-067 flaw back in 2008. The vulnerability has been uncovered again, and it is being actively exploited by the Fancy Bear group.