Educause Security Discussion mailing list archives
0-day exploit widely circulating for the Printnightmare vulnerability
From: Alex Keller <axkeller () STANFORD EDU>
Date: Wed, 30 Jun 2021 20:17:54 +0000
Details are still emerging but 0-day exploit code is widely circulating for the Printnightmare vulnerability. Exploit requires authentication using a standard domain user account and allows for remote code execution as SYSTEM (root) on most recent versions of Windows OS (e.g. Win10, 2012R2, 2016, 2019) where the Print Spooler service is running, which by default includes Domain Controllers:

https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/
https://therecord.media/poc-released-for-dangerous-windows-printnightmare-bug/
https://twitter.com/hackerfantastic/status/1410100394492112898

Microsoft has NOT released a patch yet (June patch for CVE-2021-1675 does NOT prevent exploitation).

Strong recommendation is to disable the Print Spooler service on critical Windows hosts, prioritizing Domain Controllers and other servers. Unfortunately this may not be an option for print servers and endpoints that need to print.

Best,
Alex

Alex Keller
Stanford | Engineering Information Technology
axkeller () stanford edu
(650)736-6421
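Added example, not part of the original message: one way to audit and apply the recommended mitigation across a list of servers with PowerShell. It assumes CIM/WinRM remoting is enabled and that you run it with administrative rights on the targets; the function name and host names are hypothetical.

```powershell
# Added example (not from the original email). Stops and disables the
# Print Spooler service on each named host and reports before/after state.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName
    )
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{ ComputerName = $computer; Before = $null; After = $null; Error = $null }
        try {
            # Win32_Service exposes both the running state and the start mode.
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" `
                -ComputerName $computer -ErrorAction Stop
            if (-not $svc) {
                $row.Error = 'Spooler service not present'
            } else {
                $row.Before = "$($svc.State)/$($svc.StartMode)"
                $needsChange = $svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled'
                if ($needsChange -and $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
                    # Disable first so the service cannot be restarted, then stop it.
                    $null = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
                        -Arguments @{ StartMode = 'Disabled' } -ErrorAction Stop
                    $null = Invoke-CimMethod -InputObject $svc -MethodName StopService -ErrorAction Stop
                    # Re-query; State may briefly read 'Stop Pending'.
                    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" `
                        -ComputerName $computer -ErrorAction Stop
                }
                $row.After = "$($svc.State)/$($svc.StartMode)"
            }
        } catch {
            # Unreachable host, access denied, etc. Record it and keep going.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# Constructed host names; -WhatIf reports what would change without changing it.
Disable-PrintSpooler -ComputerName 'dc01.example.edu', 'dc02.example.edu' -WhatIf |
    Format-Table -AutoSize
```

Drop `-WhatIf` to apply the change. Hosts whose `After` column is not `Stopped/Disabled`, or that have an `Error`, still need attention.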