PrintNightmare
Security vulnerability in Microsoft Windows
PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system.[2][4] The vulnerability occurred within the print spooler service.[5][6] There were two variants, one permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675).[6][7] A third vulnerability (CVE-2021-34481) was announced July 15, 2021, and upgraded to remote code execution by Microsoft in August.[8][9]
On July 6, 2021, Microsoft started releasing out-of-band (unscheduled) patches attempting to address the vulnerability.[10] Due to its severity, Microsoft released patches for Windows 7, for which support had ended in January 2020.[10][11] The patches resulted in some printers ceasing to function.[12][13] Researchers have noted that the vulnerability has not been fully addressed by the patches.[14] After the patch is applied, only administrator accounts on a Windows print server will be able to install printer drivers.[15] Part of the vulnerability related to the ability of non-administrators to install printer drivers on the system, such as shared printers on systems without sharing password protection.[15]
The organization which discovered the vulnerability, Sangfor, published a proof of concept in a public GitHub repository.[3][16] Apparently published in error, or as a result of a miscommunication between the researchers and Microsoft, the proof of concept was deleted shortly after.[3][17] However, several copies have since appeared online.[3]