A proof of concept for a new critical Windows security vulnerability was published to GitHub before being quickly taken down. However, the code was online long enough for cybersecurity researchers to copy it and begin testing.
The bug has been given the nickname "PrintNightmare" because it allows the Windows Print Spooler to be exploited for both elevation of privileges and remote code execution.
Microsoft has addressed the flaw in a Windows security update released on Tuesday.
Windows Print Spooler Vulnerability
The Windows Print Spooler service is a built-in service that handles print jobs between applications and local or networked printers. It is enabled by default on all Windows installations.
The vulnerability was initially classified as a low-importance elevation of privilege bug but was upgraded to remote code execution grade after being reviewed by tech experts.
Cybersecurity researchers from the Chinese firm QiAnXin have published a video online showing how the exploit works.
The proof of concept shows how an attacker with a typical low privilege domain user account can take over the entire Windows Server Active Directory. The attack means that we should expect to see an increase in phishing attacks against organizations as hackers attempt to obtain an entry vector.
Although Microsoft has released a patch for this newly found vulnerability, the patch does not yet protect against remote command execution.
Until a more comprehensive patch is released by Microsoft, the only proper method of protecting against exploitation is to disable the Print Spooler service.
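The interim mitigation above, as an added PowerShell example that is not part of the original article: it stops the Print Spooler, prevents it from restarting at boot, and verifies both states, assuming a local Windows host run as Administrator. The function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): disable and verify the Print Spooler
# service as the interim PrintNightmare mitigation. Hosts that must keep
# printing (print servers) need the patch and compensating controls instead.

function Get-SpoolerState {
    # Snapshot of the service: is it running, and will it start at boot?
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    [pscustomobject]@{
        Status    = $svc.Status.ToString()
        StartType = $svc.StartType.ToString()
    }
}

function Disable-PrintSpooler {
    $before = Get-SpoolerState

    # Stop the running service, then block it from starting again at boot.
    # Stopping alone is not enough: a reboot or a print job could restart it.
    if ($before.Status -eq 'Running') {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
    }
    Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop

    $after = Get-SpoolerState
    [pscustomobject]@{
        Before    = $before
        After     = $after
        Mitigated = ($after.Status -eq 'Stopped' -and $after.StartType -eq 'Disabled')
    }
}

function Test-PrintSpoolerDisabled {
    # True only when the service is stopped AND cannot auto-start; use this
    # as a recurring compliance check, e.g. from a scheduled task.
    $s = Get-SpoolerState
    return ($s.Status -eq 'Stopped' -and $s.StartType -eq 'Disabled')
}

$result = Disable-PrintSpooler
$result | Format-List
if (-not $result.Mitigated) {
    Write-Warning 'Print Spooler is still enabled; check for a policy re-enabling it.'
}
```

On domain-joined machines, a Group Policy that sets the service back to Automatic will undo this change at the next policy refresh, which is why the verification function is worth re-running.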
Proof of concept forked on GitHub
The original proof of concept was published to GitHub but was quickly removed after the research was accepted for the Black Hat USA 2021 cybersecurity conference.
However, the proof of concept had already been seen by many people and has now been forked to a new repository on GitHub.
The cybersecurity researchers have also stated that they have uncovered more flaws in the Windows Print Spooler and plan to release these at the Black Hat USA 2021 cybersecurity conference from July 31 to August 3.