Microsoft has issued an emergency out-of-band security patch to fix a recently discovered critical vulnerability that could allow attackers to take over targeted computers remotely.
Dubbed “PrintNightmare” by the cybersecurity community, the flaw is contained in the Windows Print Spooler service, which runs by default on many Windows versions currently in general use.
Microsoft explained attackers who successfully exploited the vulnerability could run arbitrary code with System-level privileges.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the company said.
The vulnerability took centre stage after Chinese security researchers had published Proof of Concept (PoC) exploit code of the flaw on GitHub, as they were under the impression that Microsoft had patched the vulnerability.
Soon thereafter, the security community realised that the security indicator Microsoft had published before the publication of the PoC, CVE-2021-1675, had merged two bugs into one.
By the time of the PoC publication, only an elevated privilege bug had been fixed, while attackers could still exploit the Print Spooler service vulnerability.
The Chinese researchers quickly removed the PoC to avoid exposing their methods to malicious actors.
The Print Spooler service is infamous for its many vulnerabilities uncovered over several years, with notable bugs including PrintDemon, FaxHell, and Evil Printer.
The PoC is available again now that the issue has been fixed. Below is a video of how the researchers exploited the vulnerability.
Recently, we found right approaches to exploit #CVE-2021-1675 successfully, both #LPE and #RCE. It is interesting that the vulnerability was classified into #LPE only by Microsoft, however, it was changed into Remote Code Execution recently.https://t.co/PQO3B12hoE pic.twitter.com/kbYknK9fBw
— RedDrip Team (@RedDrip7) June 28, 2021
Microsoft has now issued a separate security indicator for the bug called CVE-2021-34527.
Patches have been released for Windows 10, Windows 8.1, Windows 8.1 RT, Windows Server 2019, Windows Server 2012 R2, and Windows Server 2008.
Notably, it also provided a fix for the bug on Windows 7, despite officially ending support for the older OS last year.
Microsoft recommended that users install these updates immediately.
The company also provided an FAQ and workarounds for those who can’t install the update.
The first option is to disable the Print Spooler service entirely, breaking the ability to print locally and remotely.
The second option is to disable remote printing via the Group Policy.