  • Actively exploited PrintNightmare zero-day gets unofficial patch

    Karlston


    Free micropatches addressing the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service are now available through the 0patch platform.

     

    The buggy code behind this remote code execution bug (tracked as CVE-2021-34527) is present in all versions of Windows, with Microsoft still investigating whether the vulnerability is exploitable on all of them.

    CVE-2021-34527 enables attackers to take over affected servers via RCE with SYSTEM privileges, allowing them to install programs, view, change, or delete data, and create new accounts with full user rights.

     

    Even though no security updates are available to address the PrintNightmare security flaw at the moment, Microsoft has shared mitigation measures to block attackers from compromising vulnerable systems and is working on a fix.

     

    This is where the 0patch micropatching service comes in, with free micropatches for Windows Server versions 2019, 2016, 2012 (updated with June 2021 Updates) and 2008 R2 (with January 2020 Updates installed and no Extended Security Updates).

     

    According to 0patch, "some of the above patches may not be issued yet at the time of this writing, but will be within next hours."

     

    In related news, CISA has also issued a PrintNightmare notification urging admins to disable the Windows Print Spooler service on servers not used for printing.

     

    In a support document on mitigating risks on Domain Controllers with the Print Spooler service enabled, Microsoft also recommends disabling the printing service on all Domain Controllers and Active Directory admin systems.
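
One way to apply the CISA and Microsoft advice above on a single server, as an added PowerShell example that is not part of the original article or of Microsoft's guidance: it disables the Spooler on Domain Controllers and on hosts that share no printers. Treating a host with shared printers as a print server is an assumption of this example.

```powershell
# Added example, not from the article. Run elevated on the local server.
# Use -WhatIf to preview the change without applying it.
[CmdletBinding(SupportsShouldProcess)]
param()

$svc = Get-Service -Name Spooler -ErrorAction Stop

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDC = $role -ge 4

# Shared printers can only be enumerated while the spooler is running;
# a stopped spooler is serving no printers, so the list stays empty.
$shared = @()
if ($svc.Status -eq 'Running') {
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared)
}

if (-not $isDC -and $shared.Count -gt 0) {
    # Assumption: a non-DC host that shares printers is a print server.
    # It is left enabled and needs a different mitigation or a patch.
    Write-Warning ("{0} shares {1} printer(s); Spooler left enabled." -f `
        $env:COMPUTERNAME, $shared.Count)
    return
}

if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name Spooler -Force
    }
    # Disabled start type keeps the service from returning after a reboot.
    Set-Service -Name Spooler -StartupType Disabled
}

# Report the resulting state for change records.
Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" |
    Select-Object SystemName, Name, State, StartMode
```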

     

    The company's advice takes into consideration the fact that this service is enabled by default on most Windows client and server platforms, drastically increasing the risk of future attacks targeting vulnerable systems.

     

    Until official security updates are available, applying the 0patch micropatches or implementing the mitigations provided by Microsoft should block attackers from breaching your network using PrintNightmare exploits.

     

     
