Microsoft has issued a warning to its Windows users informing them of an exploit through the Print Spooler service called PrintNightmare. This vulnerability was discovered by three separate security agencies, namely Tencent, AFINE and NSFOCUS. It was reported by Bleeping Computer.
Seeing the exploit out in the wild, another Chinese company called Sangfor released a technical writeup of the exploit, calling it PrintNightmare. Administrators have been advised to stop and disable the ‘Print Spooler’ service, as this seems to be the primary source of infection and allows threat actors access to servers connected via the service.
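One way to carry out the stop-and-disable advice above across several servers, as an added example that is not from Microsoft or the original article. The function name `Set-SpoolerMitigation`, its parameters and the server names are hypothetical; `Spooler` is the Windows service name of the Print Spooler.

```powershell
# Added example: Set-SpoolerMitigation and its parameters are hypothetical names.
# 'Spooler' is the service name of the Windows Print Spooler.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$ComputerName = @('localhost'),
        [switch]$Disable   # without this switch the function only reports
    )
    foreach ($computer in $ComputerName) {
        $session = $null
        try {
            # A local session needs no WinRM; remote hosts are reached over WS-Man.
            if ($computer -in 'localhost', $env:COMPUTERNAME) {
                $session = New-CimSession -ErrorAction Stop
            } else {
                $session = New-CimSession -ComputerName $computer -ErrorAction Stop
            }
            $query = @{ CimSession = $session; ClassName = 'Win32_Service'; Filter = "Name='Spooler'" }
            $svc = Get-CimInstance @query -ErrorAction Stop
            if (-not $svc) { throw 'Spooler service not found' }
            $before = "$($svc.State)/$($svc.StartMode)"

            if ($Disable -and $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
                # Disable first so nothing restarts the service after it stops.
                $r = Invoke-CimMethod -InputObject $svc -CimSession $session `
                    -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' }
                if ($r.ReturnValue -ne 0) { throw "ChangeStartMode returned $($r.ReturnValue)" }
                if ($svc.State -ne 'Stopped') {
                    $r = Invoke-CimMethod -InputObject $svc -CimSession $session -MethodName StopService
                    if ($r.ReturnValue -ne 0) { throw "StopService returned $($r.ReturnValue)" }
                }
                $svc = Get-CimInstance @query -ErrorAction Stop   # re-read the resulting state
            }
            [pscustomobject]@{ Computer = $computer; Before = $before; State = $svc.State
                               StartMode = $svc.StartMode; Error = $null }
        } catch {
            [pscustomobject]@{ Computer = $computer; Before = $null; State = $null
                               StartMode = $null; Error = $_.Exception.Message }
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# Report only, then dry-run the change (server names are placeholders):
# Set-SpoolerMitigation -ComputerName 'SRV-EXAMPLE-01', 'SRV-EXAMPLE-02'
# Set-SpoolerMitigation -ComputerName 'SRV-EXAMPLE-01' -Disable -WhatIf
```

Disabling the Spooler stops all printing on that host, so run the report-only form first to see which servers actually have the service running.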
Microsoft 365 Defender customers already have access to a threat analysis report and mitigation guidelines that will help them combat the threat. As of now, Microsoft has not released an official patch for the threat.
Microsoft 365 Defender customers can also refer to the threat analytics report we published on this vulnerability. The report provides tech details, guidance for mitigating the impact of this threat, and advanced hunting queries, which are published here: https://t.co/tBunCJgn6W
— Microsoft Security Intelligence (@MsftSecIntel) July 2, 2021
The exploit seems to be present on all versions of Windows, and while Microsoft investigates the issue, unofficial patches have been made available on 0patch until the Redmond software giant provides a fix.
We have our first patch candidates for PrintNightmare / CVE-2021-34527, which should be deployed (and applied) within hours. We’re starting with:
– Server 2019
– Server 2016
– Server 2012
As usual, all must have June updates applied for our micropatches to work.
— 0patch (@0patch) July 2, 2021