Microsoft is warning of a new zero-day vulnerability in the Windows service that manages print jobs from different users. The bug allows attackers to run code remotely on affected computers.
The vulnerability has been named ‘PrintNightmare’, or more formally, CVE-2021-34527. Attackers have already exploited the bug, the tech giant said.
This is a zero-day vulnerability that allows attackers to run code remotely with SYSTEM privileges. This means that attackers can install programs, modify data and create new accounts with administrator rights, so a lot of damage could be done.
Microsoft says it is still investigating the issue, but is telling customers that attackers are actively exploiting the bug. The vulnerable code is present in all versions of Windows, according to the tech giant. It is not yet certain whether the bug can be exploited in every operating system version, but it seems that domain controllers are vulnerable in any case.
The zero-day was accidentally made public by a research group. It published a proof-of-concept for the bug, assuming it had already been patched. Unfortunately, this turned out not to be the case.
An official patch hasn’t been released yet, so Microsoft recommends shutting down the Windows Print Spooler service on domain controllers that aren’t actively printing documents. The service runs by default on Windows operating systems, including domain controllers and Windows Server. It is needed to allow different computers in offices to use the printer.
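The workaround described above can be applied from an elevated PowerShell prompt. The script below is an added example, not Microsoft's own code: it assumes that "not actively printing" can be approximated by the absence of shared printers on the host, and it only changes the service on a machine that reports itself as a domain controller.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the Print Spooler service and, on a domain controller
# that shares no printers, stop it and prevent it from starting again.
# Run with -WhatIf to preview the change without applying it.
[CmdletBinding(SupportsShouldProcess)]
param()

$svc = Get-Service -Name Spooler -ErrorAction Stop
$os  = Get-CimInstance -ClassName Win32_OperatingSystem

# Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = member server
$isDomainController = ($os.ProductType -eq 2)

Write-Output ("Host: {0}  DomainController: {1}  Spooler: {2} / {3}" -f `
    $env:COMPUTERNAME, $isDomainController, $svc.Status, $svc.StartType)

if (-not $isDomainController) {
    Write-Output 'Not a domain controller; no change made.'
    return
}

# Assumption: a shared printer means this host is in use as a print server.
# Get-Printer talks to the spooler, so it is only queried while the service runs.
$shared = @()
if ($svc.Status -eq 'Running') {
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared)
}

if ($shared.Count -gt 0) {
    Write-Warning ("Shared printers found, Spooler left untouched: {0}" -f `
        (($shared | Select-Object -ExpandProperty Name) -join ', '))
    return
}

if ($PSCmdlet.ShouldProcess('Spooler', 'Stop service and set startup type to Disabled')) {
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

# Report the resulting state so the change can be confirmed or logged.
Get-Service -Name Spooler | Select-Object Name, Status, StartType
```

With the service disabled, the machine can no longer print locally or remotely, so the change should be reverted (`Set-Service -Name Spooler -StartupType Automatic`, then `Start-Service -Name Spooler`) once a patch has been installed.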