PrintNightmare Exploited By Security Researchers in China

Yet another mess in the cyberworld to worry about. Yesterday, security researchers accidentally leaked the details of a critical Windows print spooler vulnerability, called “PrintNightmare”, along with a proof-of-concept.


The flaw, which we’re told is a Stuxnet-style zero-day, can be exploited to completely compromise a user’s Windows system.

Microsoft issued a patch last Tuesday for CVE-2021-1675, described as a “Windows Print Spooler Elevation of Privilege Vulnerability”, and this is where things went terribly wrong. After seeing that patch published, security researchers decided to release the technical details of what they thought was the same vulnerability, along with a proof-of-concept, but they had actually released details on a different, though quite similar, vulnerability.

At first, Microsoft classified CVE-2021-1675 as a “high-severity, privilege escalation issue” but just a few weeks later, changed the classification to “a critical remote code execution flaw”, without providing any further details.

At the end of last month, researchers from Chinese security vendor QiAnXin posted a video showing that they had been able to achieve privilege escalation and remote code execution with the vulnerability. Then other security researchers, from Sangfor, got a little confused and published a technical write-up of what they thought was the same bug, calling it “PrintNightmare”.

In actuality, PrintNightmare and CVE-2021-1675 are different vulnerabilities, so Sangfor had basically revealed how to exploit a serious, unpatched vulnerability within Windows. Although the proof-of-concept exploit code was pulled, it was already too late, as this code was already seen and grabbed by many people.

At the moment, it is not clear when PrintNightmare will be patched. So, at this point, system admins are being advised to disable the Windows Print Spooler service on domain controllers, even though the problem affects non-domain systems as well.
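One way to carry out that recommended action across a domain, as an added example rather than Tekie Geek's own tooling: the script below audits the Spooler service on every domain controller and, with -Disable, stops it and prevents it from restarting. It assumes the RSAT ActiveDirectory module is installed and WinRM reaches each DC.

```powershell
# Added example (not Tekie Geek's script): audit the Print Spooler on every
# domain controller and, when -Disable is given, stop it and block it from
# restarting. Assumes RSAT ActiveDirectory and WinRM access to each DC.
function Invoke-SpoolerMitigation {
    [CmdletBinding()]
    param(
        # Defaults to every DC in the current domain; pass a list to override.
        [string[]]$ComputerName = (Get-ADDomainController -Filter * |
                                   Select-Object -ExpandProperty HostName),
        [switch]$Disable
    )

    foreach ($dc in $ComputerName) {
        try {
            $before = Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
                $s = Get-Service -Name Spooler
                [pscustomobject]@{ Status = "$($s.Status)"; StartType = "$($s.StartType)" }
            }
        } catch {
            Write-Warning "$dc : could not query the Spooler service ($($_.Exception.Message))"
            continue
        }

        $after = $before
        if ($Disable -and ($before.Status -eq 'Running' -or $before.StartType -ne 'Disabled')) {
            $after = Invoke-Command -ComputerName $dc -ScriptBlock {
                # Stop the service and set it to Disabled so a reboot does not bring it back.
                Stop-Service -Name Spooler -Force
                Set-Service  -Name Spooler -StartupType Disabled
                $s = Get-Service -Name Spooler
                [pscustomobject]@{ Status = "$($s.Status)"; StartType = "$($s.StartType)" }
            }
        }

        [pscustomobject]@{
            Server        = $dc
            SpoolerStatus = $before.Status
            SpoolerStart  = $before.StartType
            Exposed       = ($before.Status -eq 'Running')   # still running = still exposed
            AfterStatus   = $after.Status
            AfterStart    = $after.StartType
        }
    }
}

# Report only:
# Invoke-SpoolerMitigation | Format-Table -AutoSize
# Apply the recommended mitigation on every DC:
# Invoke-SpoolerMitigation -Disable | Format-Table -AutoSize
```

Because the problem affects non-domain systems too, the same function can be pointed at any other servers that do not need to print by passing them in -ComputerName.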

For hundreds of our managed service clients, as of 9 AM this morning, all Tekie Geek monitored servers have had the recommended actions put in place to protect against PrintNightmare. We have also gone through to verify that no servers had already been exploited with this 0-day exploit.

Not using Tekie Geek for your IT? PLEASE make sure your IT provider takes the steps to mitigate this huge risk.

If you’re looking for better peace of mind and protection from these issues that are constantly popping up, we can help! Let’s get on a call and talk about how Tekie Geek can better protect your business from the cyberthreats that await behind the computer screen.

Interested in Learning More about Our Services?

Contact us to request a consultation.