
Windows PrintNightmare vulnerability is being actively exploited


A vulnerability in the Windows Print Spooler service, dubbed PrintNightmare, was uncovered earlier this week. It came to light after security researchers at Sangfor accidentally published a proof-of-concept exploit in what appears to be either a mistake or a miscommunication between the researchers and Microsoft.

The vulnerability, identified as CVE-2021-34527, allows an attacker to execute code with system-level privileges remotely. As you can probably guess, this is as bad as it gets in Windows. Microsoft has already started warning users about the unpatched flaw. 

Although the test code was quickly removed from GitHub, it had already been forked. That means there’s code floating around the internet to exploit an unpatched Windows flaw, and that’s pretty scary.


Windows being actively exploited

Microsoft has taken a few days to come around and finally issue an alert about the 0-day issue. BleepingComputer reported that the company has started warning customers that the vulnerability is being actively exploited. Since it allows remote code execution, threat actors could potentially install programs, change data and even create new accounts with admin permissions. 

While the company hasn’t released any patches or updates to fix the issue yet, users can take a few mitigation measures to protect themselves. 

The options mainly revolve around disabling the Windows Print Spooler service or disabling inbound remote printing through the Group Policy Editor to remove the remote attack vector. In the latter case, your system will not function as a print server, but you’ll still be able to print locally from a device attached to your PC.

In another related report, BleepingComputer noted that CISA has also issued a notification on the PrintNightmare vulnerability, asking system administrators to disable the Print Spooler service on Windows servers not used for printing.

Concerned users can run the following two commands in Windows PowerShell to disable the Print Spooler service if appropriate.

Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled

Alternatively, users can disable inbound remote printing through the Group Policy Editor by disabling the "Allow Print Spooler to accept client connections" policy under Computer Configuration/Administrative Templates/Printers.
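
The two commands above can be wrapped in a check that first reports whether a host is actually sharing printers, so the spooler is only disabled on machines not used for printing. This is an added example, not code from Microsoft, CISA or the original article; the -Apply switch and the report field names are assumptions chosen for this sketch, and it should be run from an elevated PowerShell session.

```powershell
# Added example: audit the Print Spooler on this host and optionally disable it.
# Stopping the spooler stops all printing on the host, local printing included.
[CmdletBinding()]
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$svc = Get-Service -Name Spooler -ErrorAction Stop

# Shared printers mean the host is acting as a print server. Get-Printer needs
# a running spooler, so it is only queried when the service is up.
$shared = @()
if ($svc.Status -eq 'Running') {
    $shared = @(Get-Printer -ErrorAction SilentlyContinue |
                Where-Object { $_.Shared })
}

$report = [pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    SpoolerStatus  = $svc.Status
    StartType      = $svc.StartType
    SharedPrinters = ($shared.Name -join ', ')
    NeedsAction    = ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled')
}
$report | Format-List

if (-not $report.NeedsAction) {
    Write-Output 'Spooler is already stopped and disabled.'
    return
}
if ($shared.Count -gt 0) {
    # Do not break a working print server silently; leave the decision to an admin.
    Write-Warning 'This host shares printers. Consider the Group Policy option instead.'
    return
}
if ($Apply) {
    # The same two commands given in the article.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Get-Service -Name Spooler | Select-Object Name, Status, StartType
} else {
    Write-Output 'No shared printers found. Re-run with -Apply to disable the spooler.'
}
```

Running it without -Apply first gives a per-host record of spooler state that can be reviewed before any change is made.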


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018.