Microsoft Emergency Patch Update Debuts to Combat Exploitation of PrintNightmare Zero-Day Vulnerability

Microsoft Emergency Patch Update Debuts to Combat Exploitation of PrintNightmare Zero-Day Vulnerability
Getty Image

Microsoft emergency patch update successfully launched as a remedy to the ongoing exploitation of PrintNightmare Zero-Day Vulnerability found within the Windows Print Spooler service.

The tech giant recently released its emergency security update with the label KB5004945. Its primary function is to combat the actively exploited PrintNightmare Zero-Day Vulnerability or CVE-2021-34527.

Discovering the PrintNightmare Zero-Day Vulnerability

According to Security Affairs, the said vulnerability is found in the Windows Print Spooler service, affecting all available versions of Windows.

A proof-of-concept exploit code recently came to light, and it has been confirmed that it was for the CVE-2021-1675 vulnerability. It has already been published online, and any knowledgeable hacker could exploit it to compromise any specific Windows system.

Microsoft Emergency Patch Update to Stop PrintNightmare Zero-Day Vulnerability

Security Affairs reported that Microsoft has finally addressed the issue by releasing the latest security updates. The flaw found within Print Spooler, also seen as spoolsv.exe service, impacted all Windows OS versions.

The Microsoft emergency patch update launched together, and the company confirmed that a remote code vulnerability was discovered when the Windows Print Spooler service malfunctioned during performing file operations.

The company claimed that an attacker successfully exploited the flaw and has the capacity to run arbitrary code using SYSTEM privileges.

As the attacker successfully exploits it, he may already proceed with installing various programs that could change, view, and delete data. He can also create brand new accounts that have user privileges.

What is the PrintNightmare Zero-Day Vulnerability?

According to Security Affairs, the CVE-2021-1675 vulnerability was primarily a low-importance elevation-of-privilege type of flaw. Still, it leveled up like Microsoft, an IT giant, confirmed that it is a remote code execution flaw.

Researches from QiAnXin, a Chinese security company, published a report on a working exploit by the PrintNightmare Zero-Day vulnerability. However, the firm did not disclose any technical details regarding the said attack.

Nevertheless, Security Affairs reported that the availability of a working PoC exploits at GitHub on June 7 Wednesday. The code must have been accidentally published, and that GitHub repo was shut down and taken offline after some time.

How Hackers Exploited the Flaw

The Record also reported that the write-up has vital details on how the trio was able to discover the bug within Microsoft's database. They independently figured it out from teams that reported the flaw to Microsoft.

It seems like the hacking group finally published the PoC as soon as QuAnXin researchers posted a video on the exploitation of the said flaw. As a remedy, experts removed the PoC after several hours because they will still present it during the Black Hat USA 2021 event.

However, it was a little too late because some users already had access to the flaw before being deleted online.

CISA even intervened and issued a security warning for admins, saying that they have to disable their Windows Print Spooler services due to the PrintNightmare Zero-Day Vulnerability.

This article is owned by Tech Times

Written by Fran Sanders

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics