PrintNightmare: How to Check If Your Systems Are Still Vulnerable


PrintNightmare, the name given to a group of vulnerabilities affecting the Windows Print Spooler service, continues to be a hot topic. Our previous blog on this topic explains urgent mitigation actions for the first two reported vulnerabilities, CVE-2021-1675 and CVE-2021-34527. However, cybersecurity researchers are still discovering new related vulnerabilities that can be exploited.

The reasons the Windows Print Spooler service is getting so much attention are:

  • The high impact of vulnerabilities coupled with the widespread use of the affected service in corporate environments
  • The wide availability of exploits to the public
  • The apparent insufficiency of patches released by Microsoft to completely address the threat

In this blog, we show the steps security engineers can take to verify if the systems of interest remain vulnerable to known known exploit Proof of Concepts (PoCs). We focus on the most impactful cases associated with the Remote Code Execution (RCE) vulnerability, rather than the LPE (Local Privilege Escalation) exploits.

By showing what a successful file system and network level attack looks like, this blog can help you determine whether your systems remain vulnerable or not.


About Author

Leave A Reply