Multiple reports were released this week about PrintNightmare, a critical vulnerability residing in the Windows systems print service tracked as CVE-2021-1675. Apparently the company was unable to fix this flaw properly, so some functional exploits started appearing on platforms like GitHub.
While this was already a delicate situation, it all got even more complicated on Thursday when Microsoft released its reports related to CVE-2021-34527: “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs operations on privileged files. A threat actor could execute arbitrary code with SYSTEM privileges to install programs, in addition to viewing, modifying, and arbitrarily deleting data.
The report created more confusion, as Microsoft points out that this could be considered the same flaw as PrintNightmare, although it really isn’t: “These vulnerabilities are similar but distinct. CVE-2021-1675 was mapped to a different flaw in RpcAddPrinterDriverEx(). The attack vector is also different and this flaw was corrected in June 2021,” the Microsoft report mentions.
The company mentions that the update to address the first reported flaw is not related to the appearance of the second vulnerability, in addition to noting that the flaw resides in all versions of the operating system. Microsoft claims that the investigation is still ongoing, so right now it’s impossible to determine if all versions of exploits are executable.
In other words, the flaws are actually similar but have a different vector, which is why Microsoft identifies them as separate errors. To prevent exploitation, experts recommend disabling the print spooler service or disabling remote printing through group policy, which blocks the remote attack vector: “The system will no longer function as a print server, but local printing on a directly connected device will still be possible,” the company’s report says.
Microsoft mentions that CVE-2021-1675 scored 7.8/10 on the Common Vulnerability Scoring System (CVSS) scale: “This is an evolving situation and we will update the CVE as more information becomes available.”
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science at Miami and started working as a cyber security analyst in 2008. He is actively working as an cyber security investigator. He also worked for security companies like Cisco. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.