In June, Microsoft patched a critical-rated vulnerability called CVE-2021-1675. This vulnerability allowed hackers to take remote control over PCs through the Print Spooler system—pretty scary stuff! Unfortunately, researchers at Chinese tech company Sangfor have set a similar exploit called PrintNightmare on the loose after telling hackers how to take advantage of a previously undiscovered bug.
Update, 7/7/21 11:29 am Eastern: Microsoft is now pushing an emergency update to patch the PrintNightmare vulnerability. This update extends to most versions of the Windows operating system, including Windows 7.
How did this happen? Well, Sangfor is preparing to hold a conference on Windows’ printer system, which has always been vulnerable to hackers. To get people ready for this conference, Sangfor decided to publish a Proof of Concept (POC) explaining how the recently-patched CVE-2021-1675 works and all the dangerous things you can do with it.
But these researchers weren’t playing with CVE-2021-1675. It turns out that they had discovered a similar vulnerability in the Windows Print Spooler called PrintNightmare—which now carries the flattering CVE-2021-34527 moniker. By publishing a POC on PrintNightmare, Sangfor effectively taught hackers how to take advantage of a dangerous, zero-day bug in the Windows system.
Microsoft has assigned CVE-2021-34527 to the remote code execution vulnerability that affects Windows Print Spooler. Get more info here: https://t.co/OarPvNCX7O
— Microsoft Security Intelligence (@MsftSecIntel) July 2, 2021
PrintNightmare impacts all versions of Windows, according to Microsoft. It’s a bug within the Windows Print Spooler—a complicated tool that Windows uses to juggle printing schedules, among other things. Hackers who exploit this vulnerability gain full control over a system, with the power to run arbitrary code, install software, and manage files.
In a June 1st Microsoft Security Response Center post, the company states that hackers need to log into a PC before running the PrintNightmare exploit (meaning that businesses, libraries, and other organizations with large networks may be the most vulnerable). Microsoft says that hackers are actively exploiting PrintNightmare to compromise systems, so concerned parties should take steps to mitigate the problem.
Currently, though, the only way to defend a PC from PrintNightmare is to disable printing functions like the Print Spooler. This precaution may be impossible in organizations where printing networks are a necessity, but you can learn how to take these steps at the Microsoft Security Response Center.
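As an added example (not code from Microsoft or from this article), here is one way to apply the mitigation described above on a single Windows machine from an elevated PowerShell prompt. The function name `Set-SpoolerMitigation` and the `Mitigated` field are hypothetical; the sketch assumes PowerShell 5.0 or later and uses the built-in service cmdlets against the `Spooler` service. Disabling the service stops all printing on that machine.

```powershell
# Added example: audit the Print Spooler service and optionally disable it.
# Set-SpoolerMitigation is a hypothetical name, not a built-in cmdlet.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Without -Disable the function only reports the current state.
        [switch]$Disable
    )

    $svc = Get-Service -Name Spooler -ErrorAction Stop
    # Record the state before touching anything, for change tracking.
    $statusBefore    = $svc.Status
    $startTypeBefore = $svc.StartType

    if ($Disable -and $PSCmdlet.ShouldProcess('Spooler', 'Stop and disable')) {
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name Spooler -Force
        }
        # A stopped service can still be started on demand, so the
        # startup type has to be changed as well.
        Set-Service -Name Spooler -StartupType Disabled
        $svc = Get-Service -Name Spooler
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        StatusBefore    = $statusBefore
        StartTypeBefore = $startTypeBefore
        StatusAfter     = $svc.Status
        StartTypeAfter  = $svc.StartType
        # True only when the service is both stopped and unable to restart.
        Mitigated       = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }
}

Set-SpoolerMitigation              # audit only, changes nothing
# Set-SpoolerMitigation -Disable   # stop the service and keep it from starting
# Set-SpoolerMitigation -Disable -WhatIf   # preview the change
```

Run without `-Disable` first to see which machines still have the spooler running, and reverse the change with `Set-Service -Name Spooler -StartupType Automatic` followed by `Start-Service -Name Spooler` once the patch is installed.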