Windows PrintNightmare (CVE-2021-34527)

2nd July 2021

PrintNightmare is a remote code execution vulnerability in the Windows Print Spooler service. A remote authenticated attacker could utilise PrintNightmare to escalate their privileges or execute unauthorised code on a targeted system.

The vulnerability was originally designated CVE-2021-1675, for which Microsoft advised a CVSSv3 score of 7.8/10.0 and made further technical adjustments on June 21st.

On June 29th, security researchers made exploitation code public that exploits vulnerabilities not addressed by Microsoft’s June patch release. This code has since been included in well-established exploitation tools.

Microsoft have now provided an official response, and detailed workaround methods to protect systems against PrintNightmare.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

The workaround guidance involves disabling the affected print spooler service, either locally or through Group Policy.

Please note Microsoft have stated:

“Impact of workaround: This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.”
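A local check for the workaround described above, as an added PowerShell example that is not part of the original advisory: it reports the Print Spooler service state and the registry value behind the Group Policy setting "Allow Print Spooler to accept client connections", and with the example's own `-Apply` switch stops and disables the service. The function name and the switch are illustrative.

```powershell
# Added example: report whether the spooler workaround is in place on this host,
# and optionally apply the "disable the service" option.
# Run from an elevated PowerShell session. -Apply is a switch defined by this example.
param([switch]$Apply)

# Registry value written by the Group Policy setting
# "Allow Print Spooler to accept client connections" (1 = enabled, 2 = disabled).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerWorkaroundState {
    # Win32_Service exposes State and StartMode on all supported Windows versions.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # The key or the value may be absent when the policy was never configured.
    $policy = $null
    if (Test-Path -Path $PolicyKey) {
        $policy = (Get-ItemProperty -Path $PolicyKey).$PolicyName
    }

    $serviceOff  = ($null -eq $svc) -or
                   ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled')
    $remoteBlock = ($policy -eq 2)

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        SpoolerState          = if ($svc) { $svc.State } else { 'NotInstalled' }
        SpoolerStartMode      = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
        InboundPrintPolicy    = if ($policy -eq 1) { 'Enabled' }
                                elseif ($policy -eq 2) { 'Disabled' }
                                else { 'NotConfigured' }
        ServiceDisabled       = $serviceOff
        RemotePrintingBlocked = $remoteBlock
        # Either option counts: service disabled, or inbound remote printing blocked.
        WorkaroundInPlace     = $serviceOff -or $remoteBlock
    }
}

if ($Apply) {
    # Stops all printing on this host, local and remote.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
}

Get-SpoolerWorkaroundState
```

The registry value shows the configured policy only; a spooler that was already running when the policy arrived needs a service restart before the setting takes effect.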


The CERT Coordination Center (CERT/CC) have released additional information regarding this vulnerability:

https://www.kb.cert.org/vuls/id/383432

Update – Jul 7, 2021 – Microsoft have released out-of-band updates to address this issue. Please review Microsoft's CVE article for additional information.

Please do not hesitate to contact your service representative should you have any queries or concerns regarding this information.