CVE identifier(s) | CVE-2021-1675, CVE-2021-34527 |
---|---|
Date discovered | June 29, 2021 |
Date patched | July 6, 2021 [1] |
Discoverer | Sangfor [2] [3] |
Affected software | Windows Server 2012, Windows 7, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows 8, Windows 8.1, Windows Server 2022, Windows 10, Windows 11 [4] |

PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system. [2] [5] The vulnerability occurred within the print spooler service. [6] [7] There were two variants, one permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675). [7] [8] A third vulnerability (CVE-2021-34481) was announced July 15, 2021, and upgraded to remote code execution by Microsoft in August. [9] [10]
On July 6, 2021, Microsoft started releasing out-of-band (unscheduled) patches attempting to address the vulnerability. [11] Due to its severity, Microsoft released patches for Windows 7, for which support had ended in January 2020. [11] [12] The patches resulted in some printers ceasing to function. [13] [14] Researchers have noted that the vulnerability has not been fully addressed by the patches. [15] After the patch is applied, only administrator accounts on a Windows print server will be able to install printer drivers. [16] Part of the vulnerability related to the ability of non-administrators to install printer drivers on the system, such as shared printers on systems without password-protected sharing. [16]
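The administrator-only restriction on driver installation described above can be checked on a host. The following PowerShell is an added example, not code from Microsoft or from the sources cited here; the function names are hypothetical, and the registry value names are assumed from Microsoft's published Point and Print guidance for this vulnerability rather than taken from this article.

```powershell
# Added example: report Point and Print policy and print spooler state on the local host.
# Assumption: the value names below come from Microsoft's Point and Print guidance
# for PrintNightmare; they are not listed in the article itself.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyValue {             # hypothetical helper
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-PointAndPrintHardening { # hypothetical name
    param([string]$Path = $PolicyKey)
    $restrict = Get-PolicyValue $Path 'RestrictDriverInstallationToAdministrators'
    $noWarn   = Get-PolicyValue $Path 'NoWarningNoElevationOnInstall'
    $update   = Get-PolicyValue $Path 'UpdatePromptSettings'

    $findings = @()
    if ($null -eq $restrict) {
        $findings += 'RestrictDriverInstallationToAdministrators not set: behaviour follows the OS default for the installed update level'
    } elseif ($restrict -ne 1) {
        $findings += 'Non-administrators may install printer drivers'
    }
    if (($null -ne $noWarn) -and ($noWarn -ne 0)) {
        $findings += 'NoWarningNoElevationOnInstall is enabled: new driver installs skip the warning and elevation prompt'
    }
    if (($null -ne $update) -and ($update -ne 0)) {
        $findings += 'UpdatePromptSettings is non-zero: the prompt for driver updates is relaxed'
    }

    # The print spooler is the affected service; report whether it is present and running.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        SpoolerStatus    = if ($svc) { $svc.Status } else { 'NotInstalled' }
        SpoolerStartup   = if ($svc) { $svc.StartType } else { $null }
        RestrictToAdmins = $restrict
        Hardened         = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

Test-PointAndPrintHardening | Format-List
```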
The organization which discovered the vulnerability, Sangfor, published a proof of concept in a public GitHub repository. [3] [17] Apparently published in error, or as a result of a miscommunication between the researchers and Microsoft, the proof of concept was deleted shortly after. [3] [18] However, several copies have since appeared online. [3]