[MART] - Daily Diary #295 - New Windows Exploit Published On GitHub

CTAS-MAT ctas-mat at appgate.com
Wed Jun 30 20:15:16 UTC 2021

I hope everyone is doing well!

Below is the entry for today.

06/30/2021 - Diary entry #295:

This week a PoC of a new Windows exploit was publicly posted on GitHub. Dubbed PrintNightmare, the exploit can be used across various versions of Windows (from Windows 7 to Windows 10) and Windows Server (from 2004 to 20H2). The published exploit allows an attacker with a regular Domain User's account to achieve full SYSTEM privileges on the vulnerable machine.

Tracked under CVE-2021-1675, PrintNightmare is a vulnerability affecting the Print Spooler on Windows. Print Spooler manages the printing queue in Windows, handling the printer drivers and scheduling. This process can load third-party libraries and also runs with the highest privilege on the machine (SYSTEM), making it a very dangerous process to have a vulnerability in.

With the public exploit already published, it's just a matter of time before malware starts to exploit this vulnerability, as it can be used for both RCE (in case a Domain user is compromised) and Privilege Escalation after an initial breach. CVE-2021-1675 was already fixed in the June 8th Patch Tuesday. We highly recommend anyone using Windows to make sure the system is up to date.

Kind Regards,



Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
