Proof-of-concept exploit code for CVE-2021-1675, a dangerous Windows bug known as PrintNightmare, has been unintentionally leaked. The flaw impacts the Windows Print Spooler service and can allow a total compromise of Windows systems.
Earlier this month, Microsoft addressed the flaw with the release of Microsoft June 2021 Patch Tuesday security updates.
The Flaw in Windows Print Spooler Service
The vulnerability resides in Print Spooler, a Windows service that serves as a generic universal interface between the Windows OS, applications, and local or networked printers, allowing app developers to easily begin print jobs.
The flaw was at first rated as a low-importance elevation-of-privilege vulnerability; however, the IT giant recently reviewed the issue and labeled it as a remote code execution flaw.
According to the report, no technical write-up or proof-of-concept code had been published for CVE-2021-1675, which means that attackers who wanted to exploit this bug had to examine the patch code themselves and create an exploit if they wanted to integrate this bug into their attacks.
Researchers from Chinese security firm QiAnXin published a GIF showing a working exploit for the flaw but avoided disclosing the technical details about the attack.
The Record said, “Authored by three analysts from Chinese security firm Sangfor, the write-up, which we will not link here, details how the trio discovered the bug independently from the teams who reported the vulnerability to Microsoft.”
Later on, the experts deleted the PoC since they will present it at the Black Hat USA 2021 security conference later this year. But it was too late, as other users had access to the code before it was taken offline.
Even though it was taken offline, some users had already cloned the PoC.
The CVE-2021-1675 flaw, which the Sangfor team codenamed PrintNightmare, has been upgraded by Microsoft to an RCE attack vector, and PoC exploit code is now public, so companies are advised to update their Windows fleets immediately. With the exploit code released, attackers may try to exploit the flaw.