Microsoft has published an advisory pertaining to a new Windows Print Spooler remote code execution vulnerability that leverages code present in all versions of the operating system. Appropriately dubbed “PrintNightmare,” the vulnerability allows attackers to remotely execute code with SYSTEM privileges, letting them install programs, delete data, and create accounts with full user rights. Microsoft has confirmed that the vulnerability is being actively exploited. There doesn’t seem to be an official fix yet, but 0patch is offering temporary patches for Windows users who’d like to address the zero-day straight away. Other options include disabling the Print Spooler service or disabling inbound remote printing through Group Policy.
Microsoft has assigned CVE-2021-34527 to the remote code execution vulnerability that affects Windows Print Spooler. Get more info here: https://t.co/OarPvNCX7O — Microsoft Security Intelligence (@MsftSecIntel) July 2, 2021
Our patches will be free until Microsoft has issued an official fix. If you want to use them, create a free account at https://t.co/wayCdhpc38, then install & register 0patch Agent from https://t.co/UMXoQqpLQh. Everything else will happen automatically. No restarts needed. — 0patch (@0patch) July 2, 2021
[…] CISA has also issued a notification on the PrintNightmare zero-day encouraging admins to disable the Windows Print Spooler service on servers not used for printing. Per Microsoft’s previous recommendations on how to mitigate risks on domain controllers with the Print Spooler service running, the service should be disabled on all domain controllers and Active Directory admin systems via a Group Policy Object due to the increased exposure to attacks.
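A per-host check for the two mitigations named above (Print Spooler disabled, or inbound remote printing disabled by policy), as an added example that is not part of the article or of Microsoft's advisory. The `-Remediate` switch and the function name are chosen for this example, and the registry value is the one the "Allow Print Spooler to accept client connections" policy writes, which the article itself does not list.

```powershell
# Added example. Run from an elevated PowerShell session on the host being checked.
param(
    [switch]$Remediate  # switch name chosen for this example: stop and disable the service
)

# Group Policy "Allow Print Spooler to accept client connections" writes this value:
# 2 = Disabled (inbound remote printing refused); 1 or absent = accepted.
# The policy only takes effect after the Print Spooler service has been restarted.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    $svc    = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $role   = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $policy = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    $remoteBlocked = ($null -ne $policy) -and ($policy.$policyName -eq 2)
    $running       = ($null -ne $svc) -and ($svc.State -eq 'Running')

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        IsDomainController = $role -ge 4          # 4 = backup DC, 5 = primary DC
        SpoolerState       = if ($svc) { $svc.State } else { 'NotInstalled' }
        SpoolerStartMode   = if ($svc) { $svc.StartMode } else { 'n/a' }
        RemotePrintBlocked = $remoteBlocked
        # Reachable over the network only if the service runs and policy does not block it.
        RemotelyExposed    = $running -and -not $remoteBlocked
    }
}

$report = Get-SpoolerExposure
$report | Format-List

if ($Remediate -and $report.SpoolerState -ne 'NotInstalled') {
    # Disabling the service removes both local and remote printing on this host.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
    Get-SpoolerExposure | Format-List
}
elseif ($report.IsDomainController -and $report.SpoolerStartMode -ne 'Disabled') {
    Write-Warning 'Print Spooler is not disabled on this domain controller.'
}
```

This reports and fixes one machine at a time; enforcing the setting across domain controllers is done with a Group Policy Object, as the article states.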