Security researchers accidentally leak PrintNightmare remote execution vulnerability in Windows print spooler
Security researchers have inadvertently leaked details of a critical Windows print spooler vulnerability, dubbed PrintNightmare, along with a proof-of-concept. The flaw -- said to be a Stuxnet-style zero-day -- can be exploited to completely compromise a Windows system.
Microsoft issued a patch for CVE-2021-1675, described as a "Windows Print Spooler Elevation of Privilege Vulnerability", last Patch Tuesday, and this is when things went wrong. Having seen that this patch had been published, security researchers then released technical details of what they thought was the same vulnerability, along with a proof-of-concept. But they had in fact released information about a different -- albeit similar -- vulnerability.
When Microsoft patched the high-severity CVE-2021-1675, it was classed as a privilege escalation issue. But shortly after issuing the patch, the company revised its assessment, reclassifying it as a critical remote code execution flaw.
As explained by Bleeping Computer, towards the end of last month, researchers from Chinese security firm QiAnXin published a video showing that they had been able to achieve privilege escalation and remote code execution with the vulnerability. Then researchers from Sangfor -- another Chinese security firm -- got a little mixed up and published a technical write-up of what they thought was the same bug, calling it PrintNightmare.
But in reality, PrintNightmare and CVE-2021-1675 are different vulnerabilities, so Sangfor had effectively revealed how to exploit a serious, unpatched vulnerability. Although the proof-of-concept exploit code was later pulled, this did not happen before it was seen and grabbed by many people -- and The Register reports that the code can still be retrieved via Google.
As a result, system administrators are being advised to disable the Windows Print Spooler service on domain controllers, although the problem affects non-domain systems as well.
At the moment, it is not clear when PrintNightmare will be patched.
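One way to carry out the advice above about disabling the Print Spooler on domain controllers, as an added example that is not from the original article or from Microsoft. The host names are constructed placeholders, and the script assumes WinRM/CIM access to each host and administrative rights there.

```powershell
# Added example: audit the Print Spooler service on a list of hosts and,
# with -Disable, stop it and set its start mode to Disabled.
# Host names are constructed placeholders; replace with your own inventory.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$ComputerName = @('dc01.example.test', 'dc02.example.test'),
    [switch]$Disable
)

foreach ($computer in $ComputerName) {
    $filter = "Name='Spooler'"
    try {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter `
            -ComputerName $computer -ErrorAction Stop
    } catch {
        # Host offline, WinRM closed or access denied: report it, keep going.
        [pscustomobject]@{ Computer = $computer; State = 'QueryFailed'
            StartMode = $null; Action = $_.Exception.Message }
        continue
    }
    if (-not $svc) {
        # No Spooler service registered on this host.
        [pscustomobject]@{ Computer = $computer; State = 'NotInstalled'
            StartMode = $null; Action = 'none' }
        continue
    }

    $action = 'none'
    $exposed = $svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled'
    if ($Disable -and $exposed -and
        $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
        # Disable first so the service cannot be restarted on demand.
        $mode = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
            -Arguments @{ StartMode = 'Disabled' }
        $stop = 0
        if ($svc.State -ne 'Stopped') {
            $stop = (Invoke-CimMethod -InputObject $svc -MethodName StopService).ReturnValue
        }
        $action = "ChangeStartMode=$($mode.ReturnValue); StopService=$stop"
        # Re-query so the report shows the state after the change.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter -ComputerName $computer
    }

    [pscustomobject]@{ Computer = $computer; State = $svc.State
        StartMode = $svc.StartMode; Action = $action }
}
```

Run without `-Disable` to get a report only; add `-WhatIf` alongside `-Disable` to preview changes. A return value of 0 from either CIM method means success.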