A zero-day vulnerability was discovered in the Windows Print Spooler following the accidental release of a proof of concept by security researchers. The released PoC exploits PrintNightmare, which is to be distinguished from CVE-2021-1675, another Print Spooler vulnerability discovered on the 8th of June 2021.
- CVE-2021-34527: This vulnerability enables an authenticated attacker to remotely execute code and can eventually lead to system takeover.
- CVE-2021-1675: This local privilege escalation vulnerability also allows threat actors to perform remote code execution.
- Patches have been issued for CVE-2021-1675 and can be found on Microsoft’s advisory.
- Updates are now available to correct CVE-2021-34527, but they have been bypassed by security researchers.
- 0patch has made a free patch available. Its effectiveness against exploitation has been confirmed by a few sources from the security community.
- For the time being, it is still recommended to disable the Windows Print Spooler on Domain Controllers. Microsoft has issued a few workarounds and instructions to help its customers.
- Researchers have published their current work on detection opportunities and potential signatures using the PoC.
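
For the recommendation above to disable the Print Spooler on Domain Controllers, the following is an added example (not taken from Microsoft's advisory or from the original page) that audits the local host and, only when asked, stops and disables the service. The `-Remediate` switch and the output field names are choices made for this example; run it in an elevated session.

```powershell
# Added example: audit, and optionally disable, the Print Spooler on a Domain Controller.
# -Remediate is a parameter of this example script, not of any Microsoft tool.
[CmdletBinding()]
param(
    [switch]$Remediate
)

# Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDomainController = $role -in 4, 5

# Win32_Service exposes both the running state and the configured start mode
$spooler = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
if (-not $spooler) {
    Write-Output "Print Spooler service is not present on $env:COMPUTERNAME"
    return
}

# A stopped service that is not disabled can still be started again, so check both
$exposed = ($spooler.State -eq 'Running') -or ($spooler.StartMode -ne 'Disabled')

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    IsDomainController = $isDomainController
    SpoolerState       = $spooler.State
    SpoolerStartMode   = $spooler.StartMode
    NeedsAction        = ($isDomainController -and $exposed)
}

if ($Remediate -and $isDomainController -and $exposed) {
    # Disabling the spooler turns off printing on this host, locally and remotely
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled

    # Re-read the service to confirm the change took effect
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    Write-Output ("Spooler is now {0} / {1}" -f $after.State, $after.StartMode)
}
```

Without `-Remediate` the script only reports, so it can be run across Domain Controllers first to see which ones still need the change.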