PrintNightmare Threat Continues, Microsoft Confirms Exploit Present in All Variants

Microsoft has designated CVE-2021-34527, a remote code execution vulnerability in the Windows Print Spooler, as "PrintNightmare." EHN previously reported that the latest bug, CVE-2021-1675, was one more in a long line of Print Spooler bugs, and was first found by researchers at Tencent Security, NSFOCUS, and AFINE earlier this year. Microsoft said that the exploit code affects all Windows variants. The technology giant said it is still confirming whether every variant is exploitable; however, it has confirmed that domain controllers can be compromised. Microsoft also said that this vulnerability is distinct from CVE-2021-1675, which involved a different attack vector and a distinct exploit in RpcAddPrinterDriverEx(). According to Microsoft, that issue was addressed in the June 2021 update, but Microsoft was not aware of the new threat, which existed before the update.

"It remains very much an evolving situation as Microsoft scrambles to deal with the problem. Be that as it may, a vuln that can gift an attacker SYSTEM rights on a domain controller is a very, very bad thing indeed," The Register says.

Microsoft also said that the vulnerability (PrintNightmare) is being exploited in the wild. PrintNightmare is particularly notorious because it allows attackers to run arbitrary code with SYSTEM privileges. According to The Register, an attacker who successfully exploits the vulnerability (through the Windows Print Spooler service) can install software, manipulate data, and create new user accounts with full rights. As per Microsoft, the attack must involve an authorized user calling RpcAddPrinterDriverEx(). The zero-day vulnerability was mistakenly revealed earlier this week, when a cybersecurity firm posted a PoC (Proof of Concept) report on the expl ..