Security Advisory: Critical Vulnerability CVE-2021-34527 (PrintNightmare)
General - ATTN: All Windows systems administrators and system owners
What Happened?
A critical vulnerability in the print spooler service of Microsoft Windows was disclosed to the public last week. Referred to as “PrintNightmare,” this vulnerability allows an attacker to run commands, install programs, modify data, and create new Windows accounts with full Windows SYSTEM privileges.
Code to exploit this vulnerability has been published online, and exploit toolkits have already started including functionality to attack this vulnerability. There are currently no active, confirmed attacks occurring in the wild, but this is likely to change over the next several days or weeks.
Key Points:
* This critical vulnerability affects all versions of Microsoft Windows.
* Domain controllers are particularly at risk, as they are high-value targets.
* An attacker needs valid login credentials to compromise a vulnerable system.
* The most recent cycle of Windows updates does NOT protect against this vulnerability. However, Microsoft released an out-of-cycle update on July 6th to address this vulnerability.
There are also workarounds that will mitigate this vulnerability until a patch is released by Microsoft.
NOTE: These workarounds will disable the vulnerable system’s ability to print.
Not necessarily. We do not give our users the ability to install software. However, this exploit uses the built-in SYSTEM account, so this exploit will work regardless of the permission level of the account used to access the system originally.