The PrintNightmare vulnerability has attracted CISA's attention; Microsoft says it is actively investigating

Although Microsoft releases a batch of security updates every month on Patch Tuesday, some issues still slip through the net. A few days ago, the Chinese security company Sangfor disclosed a zero-day vulnerability called PrintNightmare, which gives attackers full remote code execution on a fully patched Windows machine running the Print Spooler service.

The vulnerability has attracted the attention of the US Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft is actively investigating it. CISA describes PrintNightmare as a "critical vulnerability" because it allows remote code execution.

The CERT Coordination Center tracks it as VU#383432 and explains that the problem arises because the Windows Print Spooler service does not restrict access to the RpcAddPrinterDriverEx function, so a remote, authenticated attacker can use it to run arbitrary code. That code runs with SYSTEM privileges.

For reference, this function is normally used to install printer drivers. Because remote access to it is unrestricted, a motivated attacker can point it at a driver hosted on a remote server, causing the targeted machine to execute arbitrary code as SYSTEM.


It is worth noting that Microsoft fixed the related CVE-2021-1675 in the June Patch Tuesday update, but the newly reported issue is not covered by that fix. The company says it is actively investigating and has proposed two workarounds for domain administrators.

The first is to disable the Windows Print Spooler service, which disables both local and remote printing. The second is to disable inbound remote printing through Group Policy; this blocks remote printing while local printing continues to work.
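The following PowerShell is an added example, not code from the article or from Microsoft: it audits a host for the two workarounds just described and provides a function to apply either one. It assumes the Group Policy "Allow Print Spooler to accept client connections" is backed by the documented registry value RegisterSpoolerRemoteRpcEndPoint (1 = enabled, 2 = disabled) under HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers, and that the script runs elevated.

```powershell
# Added example: audit and apply the two Print Spooler workarounds.
# Assumption: the "Allow Print Spooler to accept client connections" policy is
# backed by RegisterSpoolerRemoteRpcEndPoint (1 = allow, 2 = deny).
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $policy = (Get-ItemProperty -Path $PolicyPath -Name $PolicyName `
               -ErrorAction SilentlyContinue).$PolicyName

    # Classify the host against the two workarounds in the article.
    $assessment = if (-not $svc -or $svc.Status -ne 'Running') {
        'Mitigated: spooler not running (no local or remote printing)'
    } elseif ($policy -eq 2) {
        'Mitigated: remote client connections blocked by policy (local printing works)'
    } else {
        'Exposed: spooler running and accepting remote client connections'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        SpoolerStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }
        StartupType   = if ($svc) { $svc.StartType } else { 'n/a' }
        RemotePolicy  = if ($null -eq $policy) { 'NotConfigured (default: allow)' } else { $policy }
        Assessment    = $assessment
    }
}

# Workaround 1: stop and disable the service entirely (local printing stops too).
function Disable-SpoolerService {
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
}

# Workaround 2: block inbound remote printing but keep local printing.
# Sets the policy value locally; in a domain this belongs in a GPO. The spooler
# must be restarted for the change to take effect.
function Disable-RemotePrinting {
    if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
    Set-ItemProperty -Path $PolicyPath -Name $PolicyName -Value 2 -Type DWord
    Restart-Service -Name Spooler
}

Get-SpoolerExposure | Format-List
```

Run Get-SpoolerExposure first to see which state each host is in, then call Disable-SpoolerService or Disable-RemotePrinting depending on whether local printing must be preserved.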

Microsoft is tracking the vulnerability as CVE-2021-34527. The company has made clear that the vulnerable code exists in all versions of Windows, but it is still investigating whether it is exploitable in all of them. Because the issue is still under active investigation, Microsoft has not yet assigned it a severity score, but it has nevertheless marked it as "critical."
