Microsoft patched CVE-2021-1675 in its June 2021 update, describing it as a low-risk local privilege escalation bug in the Windows Print Spooler.
But that was a misdiagnosis.
On top of that, a fully patched Windows Server 2012 R2, 2016 or 2019 machine may still be vulnerable.
Microsoft updated their original bug announcement to say that this was a full remote code execution flaw.
The researcher who found the bug posted a proof of concept after the bug was patched, only to find that the patch didn’t really work. The PoC code has been removed, but not before it was viewed and downloaded many times.
It appears that turning off the Print Spooler service completely (it is enabled by default, even on servers that never print) should mitigate the problem.
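One way to apply that mitigation from an elevated PowerShell session, added here as an example and not taken from the original alert or from Microsoft's guidance: stop the Spooler service, set it to Disabled so it does not come back on reboot, and then verify both settings. The function name Disable-PrintSpooler and the -Force switch are this example's own; the check for shared printers assumes the PrintManagement module (Get-Printer) is present and is skipped if it is not.

```powershell
# Added example (not from the original alert): stop and disable the Print Spooler
# on a Windows server, then verify the result. Run from an elevated session.
# Caveat: this stops ALL printing on the host, including any printers it shares.

function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical switch: proceed even when the host shares printers (is a print server).
        [switch]$Force
    )

    # Refuse to silently take down a print server. Get-Printer comes with the
    # PrintManagement module; if it is unavailable we assume no shared printers.
    $shared = @()
    if (Get-Command Get-Printer -ErrorAction SilentlyContinue) {
        $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object { $_.Shared })
    }
    if ($shared.Count -gt 0 -and -not $Force) {
        throw "This host shares $($shared.Count) printer(s): $($shared.Name -join ', '). Re-run with -Force to disable the spooler anyway."
    }

    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        Set-Service  -Name Spooler -StartupType Disabled
    }

    # Verify: the service must be Stopped AND its start mode Disabled; a service that is
    # merely stopped returns on the next reboot. Win32_Service.StartMode works on every
    # supported server version, unlike the StartType property of newer Get-Service builds.
    $svc       = Get-Service -Name Spooler
    $startMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'").StartMode
    [pscustomobject]@{
        Service   = $svc.Name
        Status    = $svc.Status
        StartMode = $startMode
        Mitigated = ($svc.Status -eq 'Stopped' -and $startMode -eq 'Disabled')
    }
}

# Usage: run with -WhatIf first to see what would change, then for real.
Disable-PrintSpooler
```

The Mitigated field is the thing to record in your change ticket or to collect across a fleet; a host that shows Stopped but StartMode Auto has not actually been mitigated. To reverse the change once a working patch is in place, run Set-Service -Name Spooler -StartupType Automatic followed by Start-Service -Name Spooler.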
As a side note, the researcher who found it is Chinese. As the stakes in the fight between the US and China increase, China might choose to keep these bugs quiet and use them themselves rather than disclose them. It is a bit of a challenge, but the solution is NOT to ease up on China; it is just a warning that we may not be able to count on Chinese researchers helping us out in the future.
Credit: Security Week