[MART] - Daily Diary #296 - New Windows Exploit Published On Github (cont)

CTAS-MAT ctas-mat at appgate.com
Thu Jul 1 23:59:33 UTC 2021


Hello,
I hope everyone is doing well!

Below is the entry for today.

07/01/2021 - Diary entry #296:

Yesterday, in our Daily Diary #295, we covered a new Windows exploit, PrintNightmare, released publicly on GitHub. Initially, it was thought that the exploit targeted CVE-2021-1675, a vulnerability recently fixed by Microsoft. It turns out that the released code is a 0-day exploit targeting another Print Spooler vulnerability, one that was not fixed in the June patch as we covered.

Today, July 1st, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about PrintNightmare. According to CISA, network administrators should disable the Windows Print Spooler service on Domain Controllers and on systems that do not use the print function. The CERT Coordination Center also issued a note explaining to administrators how to disable the service.

This incident makes the vulnerability even more dangerous; it's just a matter of time before threat actors embed PrintNightmare exploits into their malware. As the vulnerability can be used for both privilege escalation and Remote Code Execution (RCE), in case a Domain account is compromised, we highly recommend that system administrators follow the CISA recommendations and disable the print service on servers that do not use it.

Kind Regards,

Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
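
One way to carry out the recommendation above to disable the Print Spooler service on Domain Controllers and non-printing systems, as an added example that is not part of the original message or of the CISA or CERT/CC guidance. The function name `Invoke-SpoolerAudit` and the host name in the usage comment are hypothetical, and the script assumes CIM/WinRM access to the targets and the ActiveDirectory (RSAT) module when no host list is given.

```powershell
# Added example: audit and optionally disable the Print Spooler service.
# Assumptions: CIM/WinRM access to the targets; the ActiveDirectory (RSAT)
# module is available when no -ComputerName is given. The function name
# Invoke-SpoolerAudit is hypothetical.
function Invoke-SpoolerAudit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$ComputerName,   # default: every Domain Controller
        [switch]$Disable           # without this switch the function only reports
    )
    if (-not $ComputerName) {
        Import-Module ActiveDirectory -ErrorAction Stop
        $ComputerName = (Get-ADDomainController -Filter *).HostName
    }
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{ Computer = $computer; State = $null; StartMode = $null; Action = 'None' }
        try {
            $query = @{ ClassName = 'Win32_Service'; Filter = "Name='Spooler'"
                        ComputerName = $computer; ErrorAction = 'Stop' }
            $svc = Get-CimInstance @query
            if (-not $svc) { throw 'Spooler service not found' }
            # Anything other than stopped AND disabled can still be started.
            $exposed = $svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled'
            if ($Disable -and $exposed -and
                $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
                Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
                    Stop-Service -Name Spooler -Force -ErrorAction Stop
                    Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop
                }
                $svc = Get-CimInstance @query   # re-read to confirm the change
                $row.Action = 'Disabled'
            }
            $row.State = $svc.State
            $row.StartMode = $svc.StartMode
        } catch {
            $row.Action = "Error: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

# Report only, against all Domain Controllers:
#   Invoke-SpoolerAudit | Format-Table
# Remediate a named host that does not print, previewing first with -WhatIf:
#   Invoke-SpoolerAudit -ComputerName dc01.example.test -Disable -WhatIf
```

Hosts that still report a `State` other than `Stopped` or a `StartMode` other than `Disabled` after remediation, or that return an error row, need manual follow-up.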
