Rewterz Threat Advisory – Microsoft Windows Print Spooler Remote Code Execution Vulnerability PoC Leaked

Severity

High

Analysis Summary

CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, has a leaked PoC which possesses a greater threat than initially thought. Researchers say that this can be exploited for remote code execution. This has been  Credited to Zhipeng Huo of Tencent Security Xuanwu Lab, Piotr Madej of AFINE, and Yunhai Zhang of NSFOCUS TIANJIN Lab.

CVE-2021-1675 (aka “PrintNightmare”) was initially classed as low severity vulnerability, allowing local privilege elevation, and was patched on June 2021 Patch Tuesday.

Print Spooler

The Windows Print Spooler is an application / interface / service that interacts with local or networked printers and manages the printing process. It is an old component and several bugs have been previously found as well in them. But this time it possesses a far more risk than any other previous bugs.

Impact

• Remote code execution
• Privilege escalation
• Full control of vulnerable systems

Affected Vendors

Microsoft

Affected Products

• Windows Server 2004
• Microsoft Windows Server 2008
• Windows Server 2008 R2

Remediation

Disable “Print Spooler” service on servers that do not require it.
Refer to Microsoft website for complete list of affected products and their respective patches.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675