Sangfor Technologies researchers accidentally published a proof of concept exploit for PrintNightmare via GitHub on June 29. According to MalwareBytes, the researchers believed their exploit was addressed by a June 8 security update to Windows 10 for another vulnerability, CVE-2021-1675. The researchers deleted that repository, but it can still be found online.
Microsoft said in a security bulletin that PrintNightmare, to which it assigned the identifier CVE-2021-34527, is “similar but distinct from the vulnerability that is assigned CVE-2021-1675.” It also said attackers can exploit PrintNightmare to “install programs; view, change, or delete data; or create new accounts with full user rights” after gaining SYSTEM privileges on a device.
The vulnerability is found in code related to the Windows Print Spooler executable that handles pretty much every aspect of the process involved with printing something from a PC. Microsoft said that by default Windows Print Spooler launches alongside Windows and only closes when the operating system itself is shut down. That makes it an attractive target for attackers.
Microsoft Confirms ‘PrintNightmare’ Vulnerability Affects All Windows Versions
