The bug exploits a misconfiguration in the spoolsv.exe service on windows servers and enables an attacker with domain credentials to execute a malicious print driver DLL and achieve priviledge escalation to that of SYSTEM on a domain controller or print server. PrintNightmare/CVE-2021-34527 & CVE-2021-1675 are remote code execution bugs that affect the printer spooler service in windows. It is essential to test in your environment before pushing any advice straight to production. The vulnerability itself was found and published by Zhipeng Huo Piotr Madej, and Yunhai Zhang.Ĭaveat: All of the understanding in this post is pulled from the proofs of concept released and fixes/workarounds that have been tested in a lab. This post highlights how the exploit PoCs released on Github work and how the specific vulnerability can be fixed and detected. PrintNightmare(CVE-2021-34527) was released as a proof of concept this week on Github.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |