Sangfor Technologies researchers accidentally published a proof-of-concept exploit for PrintNightmare on GitHub on June 29. According to Malwarebytes, the researchers believed the flaw their exploit targets had been addressed by a June 8 security update to Windows 10 for another vulnerability, CVE-2021-1675. The researchers deleted that repository, but it can still be found online.
Microsoft said in a security bulletin that PrintNightmare, to which it assigned the identifier CVE-2021-34527, is “similar but distinct from the vulnerability that is assigned CVE-2021-1675.” It also said attackers can exploit PrintNightmare to “install programs; view, change, or delete data; or create new accounts with full user rights” after gaining SYSTEM privileges on a device.
The vulnerability is found in code related to the Windows Print Spooler executable, which handles pretty much every aspect of printing something from a PC. Microsoft said that by default Windows Print Spooler launches alongside Windows and only closes when the operating system itself is shut down. That makes the service an attractive target for attackers.
