New variant of PrintNightmare exploit lets any user gain admin privileges in Windows
The PrintNightmare vulnerability has indeed proved to be something of a nightmare for Microsoft, and it's one that shows no signs of coming to an end. Security researchers have unearthed yet another method of exploiting the Windows print spooler vulnerability, making it possible for anyone to gain administrator privileges.
The latest method involves creating a remote print server and connecting to it. This causes Windows to install a driver which requires loading a DLL with System privileges -- a fact that can be exploited to launch an elevated Command Prompt. Even on a fully patched and updated copy of Windows 10 21H1, the attack works.
This latest exploit technique was discovered and shared by security researcher Benjamin Delpy. It takes advantage of the fact that Windows is very accommodating when it comes to installing drivers from remote print servers, and by running these drivers with System privileges, attackers are given an entry point.
Delpy tweeted details of the method, along with how to mitigate it.
BleepingComputer also shared a video demonstrating the exploit in action.
While Microsoft is yet to comment on this latest exploit, Delpy says he is calling on the company to "make some priorities" in coming up with a fix.
There are various mitigating workarounds in the meantime, none of which are ideal. Details are available on CERT.