Microsoft have delivered emergency out-of-band patches for the PrintNightmare zero day print spooler vulnerability with more on the horizon.
The bug, CVE-2021-34527, is existent in all versions of Windows and exploits a remote code execution vulnerability where the Windows Print Spooler service improperly performs privileged file operations.
This vulnerability means that a cyber attacker could run arbitrary code leading to instilling programs; view, change or delete data and even go so far as to create new accounts with full user system rights for exploitative purposes on the system.
A cautionary Microsoft statement released outlined the situation with “the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”
Patches released are available for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, a variety of supported versions of Windows 10 and the no longer supported Windows 7.
However, Microsoft announced that security updates are not currently available for Windows 10 version 1607, Windows Server 2012 or 2016 and urges prompt installation of its patches to deter any attacks via the domain controller when made available in due course. Microsoft also offer workarounds to those unable to download the July patches including the shutting down of the Print Spooler Service and the disabling of inbound remote printing through group policy.
The proof of concept (PoC) was accidentally released by Chinese technology group Sangfor on GitHub, but was cloned and cached before the researchers realised their mistake and took down the PoC. The group were under the impression that the exploit had already been patched as part of Microsoft’s CVE-2021-1675 patch – a patch that Microsoft confirmed was distinct about a different attack vector and vulnerability issue associated with RpcAddPrinterEx.
The situation is continually updating and the latest news on Windows patch releases can be found here.