Microsoft Publishes Mitigations for Windows PrintNightmare Zero-Day

PUBLISHED:
3 July 2021

Microsoft Publishes Mitigations for Windows PrintNightmare Zero-Day

Microsoft has published a security advisory with guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare. This remote code execution (RCE) flaw is assigned with CVE-2021-34527 and impacts all versions of Windows. Currently, there is no security patch for the vulnerability.

The exploitation requires a user account that has access to the spooler service. Successful exploitation may lead to complete take over of a domain controller in an enterprise setup. Microsoft released patch updates to similar but distinct from the vulnerability CVE-2021-1675 in June security updates.

Affected Versions

• All versions of Windows

Mitigation

• Apply the workaround described in Microsoft Advisory
• Use security hardened systems in the enterprise environment with absolute minimum required services enabled and running
• Test and apply security updates to enterprise systems regularly and effectively

More Information

• Microsoft Advisory : Windows Print Spooler Remote Code Execution Vulnerability – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527