Microsoft Publishes Mitigations for Windows PrintNightmare Zero-Day

3 July 2021 [NO.TCSA : 20210703-1-1-P]

PUBLISHED:
3 July 2021

Microsoft has published a security advisory with guidance for blocking attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare. This remote code execution (RCE) flaw has been assigned CVE-2021-34527 and impacts all versions of Windows. Currently, there is no security patch for the vulnerability.

Exploitation requires a user account that has access to the spooler service. Successful exploitation may lead to complete takeover of a domain controller in an enterprise setup. In the June security updates, Microsoft released a patch for CVE-2021-1675, a similar but distinct vulnerability.

Affected Versions

  • All versions of Windows

Mitigation

  • Apply the workaround described in the Microsoft advisory
  • Use security-hardened systems in the enterprise environment, with only the absolute minimum of required services enabled and running
  • Test and apply security updates to enterprise systems regularly and effectively
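
The workaround and the minimum-services guidance above both depend on the state of the Print Spooler service. The PowerShell below is an added example, not part of the original bulletin and not Microsoft's code: it reports whether the service is running or able to start on the local host and, on request, stops and disables it, which is one of the workarounds in Microsoft's advisory. The function names are hypothetical, and it assumes printing from this host can be given up.

```powershell
#Requires -Version 5.1
# Added example: audit (and optionally disable) the Print Spooler service locally.
# Assumption: the host does not need to print; disabling Spooler stops all
# local and remote printing. Disabling requires an elevated session.

function Get-SpoolerExposure {
    [CmdletBinding()]
    param()
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SpoolerInstalled   = [bool]$svc
        Status             = if ($svc) { $svc.Status } else { 'NotInstalled' }
        StartType          = if ($svc) { $svc.StartType } else { 'n/a' }
        IsDomainController = ($os.ProductType -eq 2)
        # Exposed if the service runs now or could be started again (not Disabled)
        Exposed            = [bool]($svc -and
            ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled'))
    }
}

function Disable-Spooler {
    # Supports -WhatIf and -Confirm so the change can be previewed first
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
    Get-SpoolerExposure   # return the state after the change for the audit log
}

$report = Get-SpoolerExposure
$report | Format-List
if ($report.Exposed -and $report.IsDomainController) {
    Write-Warning 'Print Spooler is active on a domain controller; disable it unless printing is required.'
}
# To apply the workaround on this host, run:  Disable-Spooler
# To preview without changing anything, run:  Disable-Spooler -WhatIf
```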

More Information
