Severity
High
Analysis Summary
CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, has a leaked PoC that poses a greater threat than initially thought. Researchers say that it can be exploited for remote code execution. The vulnerability is credited to Zhipeng Huo of Tencent Security Xuanwu Lab, Piotr Madej of AFINE, and Yunhai Zhang of NSFOCUS TIANJIN Lab.
CVE-2021-1675 (aka “PrintNightmare”) was initially classed as a low-severity vulnerability allowing local privilege elevation, and was patched on the June 2021 Patch Tuesday.
Print Spooler
The Windows Print Spooler is an application / interface / service that interacts with local or networked printers and manages the printing process. It is an old component in which several bugs have been found previously, but this one poses far more risk than any of the earlier bugs.
Impact
- Remote code execution
- Privilege escalation
- Full control of vulnerable systems
Affected Vendors
Microsoft
Affected Products
- Windows Server 2004
- Microsoft Windows Server 2008
- Windows Server 2008 R2
Remediation
Disable the “Print Spooler” service on servers that do not require it.
Refer to the Microsoft website for the complete list of affected products and their respective patches.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675
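The remediation step above (disabling the Print Spooler where it is not needed) can be audited and applied with a script like the following. This is an added example, not code from the advisory or from Microsoft; it assumes an elevated session, remote hosts reachable over WinRM/CIM, and that the caller passes only servers that do not need printing.

```powershell
# Added example: report the Print Spooler state per host and, with -Disable,
# set its start mode to Disabled and stop it.
# Assumptions: elevated session; remote hosts reachable over WinRM/CIM.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [switch]$Disable
)

foreach ($computer in $ComputerName) {
    $query = @{ ClassName = 'Win32_Service'; Filter = "Name='Spooler'"; ErrorAction = 'Stop' }
    # Query the local machine directly so WinRM is only needed for remote hosts.
    if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }

    try {
        $svc = Get-CimInstance @query
        if (-not $svc) {
            [pscustomobject]@{ Computer = $computer; State = 'NotInstalled'; StartMode = $null; Action = 'None' }
            continue
        }

        $action = 'None'
        $needsChange = $svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled'
        if ($Disable -and $needsChange -and
            $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
            # Disable first so the service cannot be started again after the stop.
            $mode = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' }
            $stopCode = 0
            if ($svc.State -ne 'Stopped') {
                $stopCode = (Invoke-CimMethod -InputObject $svc -MethodName StopService).ReturnValue
            }
            # Win32_Service methods return 0 on success (3 = dependent services running).
            if ($mode.ReturnValue -eq 0 -and $stopCode -eq 0) { $action = 'Disabled' }
            else { $action = "Failed (ChangeStartMode=$($mode.ReturnValue), StopService=$stopCode)" }
            $svc = Get-CimInstance @query   # re-read to report the resulting state
        }

        [pscustomobject]@{ Computer = $computer; State = $svc.State; StartMode = $svc.StartMode; Action = $action }
    }
    catch {
        # Host unreachable or access denied: surface it instead of silently skipping.
        [pscustomobject]@{ Computer = $computer; State = 'Unreachable'; StartMode = $null; Action = $_.Exception.Message }
    }
}
```

Run it without `-Disable` to audit only, and add `-WhatIf` to preview which hosts would be changed.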