“PrintNightmare” Vulnerability Information – CVE-2021-1675

Jul 02, 2021

A Microsoft Windows security vulnerability has been identified that allows remote code execution via the Windows Print Spooler. This vulnerability has been named “PrintNightmare.” There is currently no patch to mitigate this vulnerability; however, Nexigen has identified some techniques to help mitigate the risk of exploitation.

 

Details:

  • The vulnerability is named PrintNightmare (CVE-2021-1675)
  • This vulnerability affects any Windows computer running a print spooler
  • There is currently no patch to fix this. The working assumption is that a patch will be made available once it is created and tested
  • Valid credentials (username and password) are needed to exploit this vulnerability
  • Currently, it has not been seen in active use, but the source code has been released into the wild

 

 

Mitigation Approach (Reduce Risk):

  • Disable the print spooler on any servers that do not need printing functionality. This is especially true for Active Directory servers.
  • A script has been developed to check whether the vulnerability has been exploited against a particular system
  • Ensure your servers and computers are up to date with the latest security patches
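
One way to apply the first mitigation on a single Windows host, shown as an added example (it is not Nexigen's or Microsoft's script, and not the detection script mentioned above). It reports the Spooler state, whether the host is a domain controller, and whether it shares printers, then stops and disables the service. The `-Force` switch and the shared-printer check are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the local Print Spooler and disable it when the
# host does not appear to serve printers. Preview with -WhatIf first.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch for this example: disable even if shared printers exist
    [switch]$Force
)

$spooler = Get-Service -Name Spooler -ErrorAction Stop

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDomainController = $role -in 4, 5

# Shared print queues indicate the host is acting as a print server.
# Get-Printer needs the Spooler running, so only query it in that case.
$shared = @()
if ($spooler.Status -eq 'Running') {
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared)
}

# Emit the audit result so it can be collected or logged
[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    SpoolerStatus      = $spooler.Status
    SpoolerStartType   = $spooler.StartType
    IsDomainController = $isDomainController
    SharedPrinters     = $shared.Count
}

if ($shared.Count -gt 0 -and -not $Force) {
    Write-Warning 'Shared printers found; leaving Spooler enabled. Review before disabling.'
    return
}

if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
    Stop-Service -Name Spooler -Force               # stop the running service
    Set-Service  -Name Spooler -StartupType Disabled # keep it off after reboot
    Get-Service  -Name Spooler | Select-Object Name, Status, StartType
}
```

Disabling the service removes all printing from that host, including printing to local and network printers, so apply it only where printing is not required.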