Windows PrintNightmare vulnerability is being actively exploited

A vulnerability in the Windows Print Spooler service, dubbed PrintNightmare, was uncovered earlier this week. The vulnerability came to light after security researchers at Sangfor accidentally published a proof-of-concept exploit in what appears to be either a mistake or miscommunication between the researchers and Microsoft.

The vulnerability, identified as CVE-2021-34527, allows an attacker to remotely execute code with system-level privileges. As you can probably guess, this is as bad as it gets in Windows. Microsoft has already started warning users about the unpatched flaw.

Although the test code was quickly removed from GitHub, it had already been forked. That means there’s code floating around the internet to exploit an unpatched Windows flaw, and that’s pretty scary.


Windows being actively exploited

Microsoft has taken a few days to come around and finally issue an alert about the 0-day issue. BleepingComputer reported that the company has started warning customers that the vulnerability is being actively exploited. Since it allows remote code execution, threat actors could potentially install programs, change data and even create new accounts with admin permissions. 

While the company hasn’t released any patches or updates to fix the issue yet, users can take a few mitigation measures to protect themselves. 

The options mainly revolve around disabling the Windows Print Spooler service or disabling inbound remote printing through the Group Policy Editor to remove the remote attack vector. In this case, your system will not function as a print server, but you’ll still be able to print locally from a device attached to your PC.

According to another related report by BleepingComputer, CISA has also issued a notification on the PrintNightmare vulnerability asking system administrators to disable the Print Spooler service on Windows servers not used for printing.

Concerned users can execute the following two commands in Windows PowerShell to disable the Print Spooler service if appropriate.

Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled

Alternatively, users can also disable inbound remote printing through the Group Policy editor by disabling the "Allow Print Spooler to accept client connections" policy under Computer Configuration/Administrative Templates/Printers.
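
To confirm that either mitigation is actually in place on a machine, the following read-only PowerShell check reports the state of both. It is an added example, not code from the article or from Microsoft; the function name Get-SpoolerMitigationState is hypothetical, and the registry value used to read the Group Policy setting is an assumption noted in the comments.

```powershell
# Added example: read-only check of the two mitigations; changes nothing on the host.
function Get-SpoolerMitigationState {
    [CmdletBinding()]
    param()

    # Mitigation 1: Print Spooler service stopped and set to Disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" -ErrorAction SilentlyContinue
    $serviceOff = ($null -eq $svc) -or ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')

    # Mitigation 2: "Allow Print Spooler to accept client connections" set to Disabled.
    # Assumption (not stated in the article): the policy is stored as the DWORD
    # RegisterSpoolerRemoteRpcEndPoint, where 1 = enabled and 2 = disabled.
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $value = (Get-ItemProperty -Path $key -Name RegisterSpoolerRemoteRpcEndPoint -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint
    $remoteOff = ($value -eq 2)

    # Translate the raw policy value into a readable state.
    $policyState = if ($value -eq 2) { 'Disabled' } elseif ($value -eq 1) { 'Enabled' } else { 'NotConfigured' }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SpoolerState       = if ($svc) { $svc.State } else { 'NotInstalled' }
        SpoolerStartMode   = if ($svc) { $svc.StartMode } else { 'n/a' }
        ServiceDisabled    = $serviceOff
        RemotePrintPolicy  = $policyState
        RemotePrintBlocked = $remoteOff
        # True when at least one of the two mitigations described above is configured.
        MitigationApplied  = $serviceOff -or $remoteOff
    }
}

Get-SpoolerMitigationState | Format-List
```

A host that reports MitigationApplied as False still has the Print Spooler accepting client connections and should be reviewed first.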
