Remote code execution (“PrintNightmare”) vulnerabilities in Microsoft Windows

Multiple remote code execution vulnerabilities, collectively named “PrintNightmare”, were identified in the Microsoft Windows Print Spooler service. A remote attacker could exploit these vulnerabilities to trigger remote code execution with SYSTEM privileges on the targeted system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

System administrators are strongly recommended to apply the security updates and take remedial measures wherever possible.

Vulnerabilities

  • Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) (PrintNightmare)
  • Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-1675)
  • Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34481)

Severity Level

Critical

Affected Product Version

All versions of Windows are vulnerable.

Remediation

  1. For all Windows Desktop OS, or Windows Servers running as Print Server:
    1. Install the latest security updates for your system.

[Update] Windows updates released 10 August 2021 and later will, by default, require administrative privilege to install drivers.  Please refer to KB5005652—Manage new Point and Print default driver installation behavior (CVE-2021-34481) for details.

  2. For Windows servers that do not need the printing function, install the security patches and consider disabling the Print Spooler service.
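
The remediation steps above can be checked per host with a short script. The following is an added example, not part of the original advisory: it reports the Print Spooler state, whether the host shares printers, and the Point and Print driver restriction, and disables the service only when asked. The `-Disable` switch and the function name are this example's own; the registry value name comes from Microsoft's KB5005652 guidance and is not stated in this advisory.

```powershell
# Added example: audit (and optionally disable) the Print Spooler on one host.
# Run from an elevated Windows PowerShell 5.1 session.
# -Disable is this script's own switch, not a Windows setting.
param([switch]$Disable)

function Get-SpoolerExposure {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) { return [pscustomobject]@{ Present = $false } }

    # Shared printers indicate the host is acting as a print server.
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared)

    # Point and Print policy value described in KB5005652.
    # Absent or 1: only administrators may install printer drivers
    #              (the default once the August 2021 updates are installed).
    # 0:           the restriction has been switched off.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $val = (Get-ItemProperty -Path $key `
                -Name RestrictDriverInstallationToAdministrators `
                -ErrorAction SilentlyContinue).RestrictDriverInstallationToAdministrators

    [pscustomobject]@{
        Present          = $true
        Status           = $svc.Status
        StartType        = $svc.StartType
        SharedPrinters   = $shared.Count
        AdminOnlyDrivers = ($null -eq $val -or $val -eq 1)
    }
}

$state = Get-SpoolerExposure
$state | Format-List

if ($Disable -and $state.Present) {
    if ($state.SharedPrinters -gt 0) {
        # A print server still needs the service: patch it, do not disable it.
        Write-Warning "Host shares $($state.SharedPrinters) printer(s); spooler left enabled."
    } else {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
        Get-Service -Name Spooler | Select-Object Name, Status, StartType
    }
}
```

A host that reports `AdminOnlyDrivers : False` has had the default driver installation restriction turned off and should be reviewed against KB5005652.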

Updated on: 25 Sep 2021