A zero-day vulnerability in the Windows Print Spooler service, dubbed PrintNightmare, became public after security researchers accidentally released a proof-of-concept exploit. The released PoC targets PrintNightmare (CVE-2021-34527), which is to be distinguished from CVE-2021-1675, another Print Spooler vulnerability published and patched on 8 June 2021.
- CVE-2021-34527 (PrintNightmare): allows an authenticated attacker to execute code remotely, with SYSTEM privileges, on any host running the Print Spooler service, which can lead to a full system take-over.
- CVE-2021-1675: initially classified as a local privilege escalation, this vulnerability was later reclassified by Microsoft as also allowing remote code execution.
RECOMMENDED SOLUTION
- Patches for CVE-2021-1675 were issued in the June 2021 security update and are listed in Microsoft's advisory.
- Out-of-band updates are now available for CVE-2021-34527, but security researchers have shown that they can be bypassed on hosts where Point and Print is configured with the unsafe registry settings described in Microsoft's advisory.
- 0patch has made a free micropatch available; several sources from the security community have confirmed that it blocks exploitation.
POSSIBLE MITIGATION
- Until the patch is confirmed effective, it is still recommended to disable the Windows Print Spooler service on domain controllers and on any server that does not need to print. Microsoft has also published workarounds (disabling inbound remote printing through Group Policy, and verifying the Point and Print registry settings) with instructions for its customers.
- Researchers have published their current work on detection opportunities and candidate signatures built from the PoC (for example, spoolsv.exe loading unexpected DLLs from the print driver directory, and Print Service event log entries).
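The following PowerShell is an added example, not code from the page, CISA or Microsoft. It audits one host for the exposure described above (Spooler running, domain controller role, Point and Print settings), optionally applies Microsoft's documented workarounds, and looks for the two detection artefacts mentioned: driver DLLs recently dropped in the spool driver directory and Print Service event 808. The function names, the -DisableSpooler switch and the 7-day window are this example's own choices; the registry paths and values are those from Microsoft's advisory for CVE-2021-34527. Run it in an elevated session.

```powershell
# Added example (not Microsoft's or the page's own code). Assumptions: function
# names, the -DisableSpooler switch and the 7-day look-back are illustrative;
# registry keys/values follow Microsoft's KB5005010 workaround guidance.

$PrintersKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PnPKey      = Join-Path $PrintersKey 'PointAndPrint'

function Get-PrintNightmareExposure {
    # Collect the settings that decide whether this host is exploitable
    # and whether the July 2021 patch can be bypassed on it.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    # DomainRole 4 = backup DC, 5 = primary DC
    $isDc = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4

    $remoteRpc    = (Get-ItemProperty -Path $PrintersKey -Name RegisterSpoolerRemoteRpcEndPoint -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint
    $noWarning    = (Get-ItemProperty -Path $PnPKey -Name NoWarningNoElevationOnInstall -ErrorAction SilentlyContinue).NoWarningNoElevationOnInstall
    $updatePrompt = (Get-ItemProperty -Path $PnPKey -Name UpdatePromptSettings -ErrorAction SilentlyContinue).UpdatePromptSettings

    [pscustomobject]@{
        Host                    = $env:COMPUTERNAME
        IsDomainController      = $isDc
        SpoolerStatus           = if ($spooler) { $spooler.Status }    else { 'NotInstalled' }
        SpoolerStartType        = if ($spooler) { $spooler.StartType } else { 'NotInstalled' }
        RemoteRpcEndpointPolicy = $remoteRpc          # 2 = inbound remote printing disabled
        NoWarningNoElevation    = $noWarning          # must be 0 or absent
        UpdatePromptSettings    = $updatePrompt       # must be 0 or absent
        # Either value set to 1 is the configuration under which the patch was bypassed
        PointAndPrintUnsafe     = ($noWarning -eq 1) -or ($updatePrompt -eq 1)
    }
}

function Set-PrintNightmareWorkaround {
    param(
        # Stop and disable the service entirely (Microsoft's option 1; recommended on DCs)
        [switch]$DisableSpooler
    )
    # Harden Point and Print so the patch is not undermined (values from the advisory)
    New-Item -Path $PnPKey -Force | Out-Null
    Set-ItemProperty -Path $PnPKey -Name NoWarningNoElevationOnInstall -Value 0 -Type DWord
    Set-ItemProperty -Path $PnPKey -Name UpdatePromptSettings          -Value 0 -Type DWord

    if ($DisableSpooler) {
        Stop-Service -Name Spooler -Force -ErrorAction SilentlyContinue
        Set-Service  -Name Spooler -StartupType Disabled
    } else {
        # Option 2: keep local printing but refuse inbound remote printing
        # (equivalent of the "Allow Print Spooler to accept client connections" policy set to Disabled)
        New-Item -Path $PrintersKey -Force | Out-Null
        Set-ItemProperty -Path $PrintersKey -Name RegisterSpoolerRemoteRpcEndPoint -Value 2 -Type DWord
        Restart-Service -Name Spooler -Force -ErrorAction SilentlyContinue
    }
    Get-PrintNightmareExposure
}

function Get-PrintNightmareIndicators {
    param([int]$Days = 7)   # look-back window, illustrative
    $driverDir = Join-Path $env:SystemRoot 'System32\spool\drivers'

    # 1. Driver DLLs written recently: the exploit delivers its payload as a "printer driver"
    $recentDlls = Get-ChildItem -Path $driverDir -Filter *.dll -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$Days) } |
        Select-Object FullName, LastWriteTime, Length

    # 2. Event 808 (spooler failed to load a plug-in module) is logged when an
    #    attacker-supplied DLL fails to initialise as a driver
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PrintService/Admin'
        Id        = 808
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message

    [pscustomobject]@{
        RecentDriverDlls = $recentDlls
        Event808         = $events
    }
}

# Typical run: audit first, then remediate according to the host's role.
$exposure = Get-PrintNightmareExposure
$exposure | Format-List
if ($exposure.IsDomainController -and $exposure.SpoolerStatus -eq 'Running') {
    Set-PrintNightmareWorkaround -DisableSpooler | Format-List
}
Get-PrintNightmareIndicators | Format-List
```

The Operational log (Microsoft-Windows-PrintService/Operational, event 316 for driver additions) is disabled by default; enable it with wevtutil if you want that signal as well. Treat a hit in RecentDriverDlls as a lead to investigate, not proof of compromise, since legitimate driver installs land in the same directory.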
For more information, refer to CISA and Microsoft to stay updated with the latest measures.
Sources: CISA, CERT-FR, Microsoft, Bleeping Computer, Carnegie Mellon University, 0patch