Windows’PrintNightmare’ vulnerability being actively exploited by attackers
Source: Daniel Rubino/Windows Central
The Windows Print Spooler service has an unpatched critical flaw that’s been dubbed “PrintNightmare.” Microsoft warns people about the vulnerability and breaks down how it works in a recent post:
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” says the company. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
According to Microsoft, the vulnerability is being actively exploited.
The vulnerability appears to have been accidently published in the form of a proof-of-concept exploit. Sangfor researchers published the proof-of-concept but have since deleted it. Unfortunately, the code was forked on GitHub before it was removed.
As explained by The Verge, the researchers at Sangfor appeared to have thought the vulnerability had been patched by Microsoft. The company had patched issues related to Windows Print Spooler, but they were not for this specific issue.
Microsoft lists two options as workarounds for the issue:
- Disable the Print Spooler service
- Disable inbound remote printing through Group Policy
While publicly known as PrintNightmare, Microsoft has assigned the name CVE-2021-34527 to the vulnerability.
Microsoft is still investigating the severity of this vulnerability. The company is also investigating if all versions of Windows are exploitable.
“The code that contains the vulnerability is in all versions of Windows,” says Microsoft. “We are still investigating whether all versions are exploitable. We will update this CVE when that information is evident.”
We may earn a commission for purchases using our links. Learn more.
Halo Infinite’s Academy training mode is exactly what the franchise needs
While the spotlight was primarily on Halo Infinite’s multiplayer gameplay mechanics and design during E3 2021, another standout feature of the multiplayer experience that was revealed is the Academy training mode. Here’s why this mode is exactly what the franchise needs.
Here’s everything we know about Forza Horizon 5 on Xbox and PC
Forza Horizon 5 is official, and it’s one of the most visually impressive games we’ve ever seen. We’ve done our research and gathered every scrap of information we could find. Here’s everything you need to know about Forza Horizon 5, launching on Xbox and PC on Nov. 9, 2021.
