New variant of PrintNightmare exploit lets any user gain admin privileges in Windows

Printer

The PrintNightmare vulnerability has indeed proved to be something of a nightmare for Microsoft, and it's one that shows no signs of coming to an end. Security researchers have unearthed yet another method of exploiting the Windows print spooler vulnerability, making it possible for anyone to gain administrator privileges.

The latest method involves creating a remote print server and connecting to it. This causes Windows to install a driver which requires loading a DLL with System privileges -- a fact that can be exploited to launch an elevated Command Prompt. Even on a fully patched and updated copy of Windows 10 21H1, the attack works.

See also:

Advertisement

This latest exploit technique was discovered and shared by security researcher Benjamen Delpy. IT takes advantage of the fact that Windows is very accommodating when it comes to installing drivers from remote print servers, and by running these drivers with System privileges, attackers are given an entry point.

Delpy tweeted details of the method as well as detailing how to mitigate against it:

BleepingComputer also shared a video demonstrating the exploit in action:

While Microsoft is yet to comment on this latest exploit, Deply says he is calling on the company to "make some priorities" in coming up with a fix.

There are various mitigating workarounds in the meantime, none of which are ideal. Details are available on CERT.

Image credit: FabrikaSimf / Shutterstock

4 Responses to New variant of PrintNightmare exploit lets any user gain admin privileges in Windows

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.