
Security Researchers Mistakenly Publish Zero-Day PrintNightmare Vulnerability

Silviu STAHIE

July 06, 2021


Microsoft released a patch for a zero-day vulnerability in the Windows Print Spooler that allowed attackers to control a system remotely. Security researchers then published a proof-of-concept for what they believed was the same, already-patched flaw. It turned out they had revealed a completely different zero-day vulnerability.

Microsoft's regular Patch Tuesday update covered, among other issues, a vulnerability (CVE-2021-1675) affecting the Windows Print Spooler, which “fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.”

After the company patched the OS, security researchers published, and quickly deleted, a proof-of-concept for a Windows Print Spooler vulnerability. As it happens, it targeted a new vulnerability (CVE-2021-34527), which has since been dubbed PrintNightmare.

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” explains PrintNightmare’s advisory. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The good news is that it still requires an authenticated user calling RpcAddPrinterDriverEx(). Because a patch is still in the works, Microsoft published some mitigations. Users and admins have to reduce the attack surface. Since disabling the entire printing function is not really an option, they should check membership and nested group membership in the groups listed below:

  • Administrators
  • Domain Controllers
  • Read-Only Domain Controllers
  • Enterprise Read-Only Domain Controllers
  • Certificate Admins
  • Schema Admins
  • Enterprise Admins
  • Group Policy Admins
  • Power Users
  • System Operators
  • Print Operators
  • Backup Operators
  • RAS Servers
  • Pre-Windows 2000 Compatible Access
  • Network Configuration Operators Group Object
  • Cryptographic Operators Group Object
  • Local account and member of the Administrators group

Of course, removing users from these groups can cause other problems. Keep in mind that PrintNightmare affects all available Windows versions, including Windows 7. You can also try the workarounds Microsoft posted in the advisory.
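The membership check described above is easy to get wrong by hand because nested groups hide who actually ends up with a given right. The following PowerShell script is an added example, not code from the original article or from Microsoft's advisory: it walks the groups listed above, marks each effective member as direct or nested, enumerates the local Administrators group for the last item on the list, and reports whether the Print Spooler service is running on the host. It assumes a domain-joined Windows machine with the ActiveDirectory RSAT module and read access to the directory. The group names are copied from the list as printed (with the trailing "Group Object" dropped); several are not standard Active Directory names, so any group that does not resolve in your domain is reported as not found rather than silently skipped, and you should map it to the name your environment uses.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original article or Microsoft's advisory).
# Audits direct and nested membership of the groups named in the PrintNightmare
# guidance and reports the Print Spooler service state on this host.
# Assumes: domain-joined host, ActiveDirectory RSAT module, read access to AD.

# Group names as printed in the article; unresolved names are reported, not skipped.
$groupsToAudit = @(
    'Administrators'
    'Domain Controllers'
    'Read-Only Domain Controllers'
    'Enterprise Read-Only Domain Controllers'
    'Certificate Admins'
    'Schema Admins'
    'Enterprise Admins'
    'Group Policy Admins'
    'Power Users'
    'System Operators'
    'Print Operators'
    'Backup Operators'
    'RAS Servers'
    'Pre-Windows 2000 Compatible Access'
    'Network Configuration Operators'
    'Cryptographic Operators'
)

function Get-PrivilegedGroupReport {
    param([string[]] $GroupNames)

    foreach ($name in $GroupNames) {
        $group = Get-ADGroup -Filter "Name -eq '$name'" -ErrorAction SilentlyContinue
        if (-not $group) {
            [pscustomobject]@{ Group = $name; Member = '<group not found>'; Class = ''; Via = '' }
            continue
        }
        # Direct members first, then the recursive expansion. -Recursive flattens
        # nested groups down to leaf principals (users, computers); anything in the
        # recursive set whose SID is not among the direct members arrived via nesting.
        $direct    = @(Get-ADGroupMember -Identity $group -ErrorAction SilentlyContinue)
        $recursive = @(Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue)
        $directSids = @($direct | ForEach-Object { $_.SID.Value })
        foreach ($m in $recursive) {
            $via = if ($directSids -contains $m.SID.Value) { 'direct' } else { 'nested' }
            [pscustomobject]@{
                Group  = $name
                Member = $m.SamAccountName
                Class  = $m.objectClass
                Via    = $via
            }
        }
    }
}

function Get-LocalAdminReport {
    # Covers the last list item: local accounts that are members of the local
    # Administrators group on this host (Get-LocalGroupMember needs Windows 10 /
    # Server 2016 or later). PrincipalSource shows whether the member is Local or AD.
    try {
        Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop | ForEach-Object {
            [pscustomobject]@{
                Group  = 'Administrators (local)'
                Member = $_.Name
                Class  = $_.ObjectClass
                Via    = $_.PrincipalSource
            }
        }
    } catch {
        Write-Warning "Could not enumerate local Administrators: $($_.Exception.Message)"
    }
}

function Get-SpoolerState {
    # A running spooler is the exposed configuration; a stopped and disabled one
    # matches the "disable the service" workaround Microsoft's advisory describes.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) { return 'Print Spooler service not present on this host' }
    "Print Spooler: Status=$($svc.Status) StartType=$($svc.StartType)"
}

Get-PrivilegedGroupReport -GroupNames $groupsToAudit |
    Sort-Object Group, Via, Member |
    Format-Table -AutoSize
Get-LocalAdminReport | Format-Table -AutoSize
Get-SpoolerState
```

Read the "Via" column first: a service or user account that shows up as "nested" in Print Operators or Backup Operators is exactly the kind of membership that is missed when only the group's direct member list is reviewed. Run the script on the print servers and domain controllers themselves so the local Administrators and spooler checks reflect the hosts that actually expose the spooler.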
