
Researchers Find New Windows Exploit, Accidentally Tell Hackers How to Use It


In June, Microsoft patched a critical-rated vulnerability called CVE-2021-1675. This vulnerability allowed hackers to take remote control over PCs through the Print Spooler system—pretty scary stuff! Unfortunately, researchers at Chinese tech company Sangfor have set a similar exploit called PrintNightmare on the loose after telling hackers how to take advantage of a previously undiscovered bug.

Update, 7/7/21 11:29 am Eastern: Microsoft is now pushing an emergency update to patch the PrintNightmare vulnerability. This update extends to most versions of the Windows operating system, including Windows 7.

How did this happen? Well, Sangfor is preparing to hold a conference on Windows’ printer system, which has always been vulnerable to hackers. To get people ready for this conference, Sangfor decided to publish a Proof of Concept (POC) explaining how the recently-patched CVE-2021-1675 works and all the dangerous things you can do with it.

But these researchers weren’t playing with CVE-2021-1675. It turns out that they had discovered a similar vulnerability in the Windows Print Spooler called PrintNightmare—which now carries the flattering CVE-2021-34527 moniker. By publishing a POC on PrintNightmare, Sangfor effectively taught hackers how to take advantage of a dangerous, zero-day bug in the Windows system.

PrintNightmare impacts all versions of Windows, according to Microsoft. It’s a bug within the Windows Print Spooler—a complicated tool that Windows uses to juggle printing schedules, among other things. Hackers who exploit this vulnerability gain full control over a system, with the power to run arbitrary code, install software, and manage files.

In a June 1st Microsoft Security Response Center post, the company states that hackers need to log into a PC before running the PrintNightmare exploit (meaning that businesses, libraries, and other organizations with large networks may be the most vulnerable). Microsoft says that hackers are actively exploiting PrintNightmare to compromise systems, so concerned parties should take steps to mitigate the problem.

Currently, though, the only way to defend a PC from PrintNightmare is to disable printing functions like the Print Spooler. This precaution may be impossible in organizations where printing networks are a necessity, but you can learn how to take these steps at the Microsoft Security Response Center.
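The mitigation described above, as an added example (not code from the original article or from Microsoft): a PowerShell function that stops the Print Spooler service, disables it at startup, and reports the state before and after. The function name `Disable-PrintSpooler` is hypothetical; it assumes an elevated PowerShell session on the machine being protected.

```powershell
# Added example: audit and disable the Windows Print Spooler on the local machine.
# Run from an elevated prompt. While the service is disabled, this machine cannot
# print locally or remotely.
# To revert: Set-Service -Name Spooler -StartupType Automatic; Start-Service -Name Spooler
function Disable-PrintSpooler {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $name = 'Spooler'   # service name of the Print Spooler

    # Record the current state first so the change can be reviewed or rolled back.
    $before = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $before) {
        Write-Warning "Service '$name' not found on $env:COMPUTERNAME."
        return
    }

    # Stop the running service, then keep it from starting again at boot.
    if ($before.State -eq 'Running' -and
        $PSCmdlet.ShouldProcess($name, 'Stop service')) {
        Stop-Service -Name $name -Force
    }
    if ($before.StartMode -ne 'Disabled' -and
        $PSCmdlet.ShouldProcess($name, 'Set startup type to Disabled')) {
        Set-Service -Name $name -StartupType Disabled
    }

    # Re-query instead of assuming the change applied (it fails without elevation).
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        StateBefore     = $before.State
        StartModeBefore = $before.StartMode
        StateAfter      = $after.State
        StartModeAfter  = $after.StartMode
        Mitigated       = ($after.State -eq 'Stopped' -and
                           $after.StartMode -eq 'Disabled')
    }
}

# Preview only: -WhatIf shows what would change without touching the service.
Disable-PrintSpooler -WhatIf
```

Drop `-WhatIf` to apply the change; `Mitigated` is `True` only when the service is both stopped and disabled.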

Source: Microsoft via Bleeping Computer, Forbes

Andrew Heinzman