A researcher with the Twitter handle RedDrip Team (QiAnXin) has released the first ever known PoC code for the critical remote code execution vulnerability CVE-2021-1675 in the Print Spooler component.
Print Spooler is a Microsoft component that manages the printing process. It also helps with retrieving the location of the correct printer driver, loading the driver, scheduling the print job and so on.
Luckily, Microsoft addressed this vulnerability as part of Patch Tuesday on June 8, 2021 (as per the latest update, this patch is not working; check out the latest updates on this vulnerability here). The biggest concern about this vulnerability is that the Print Spooler service (spoolsv.exe) runs with the highest privilege level in the operating system.
Researchers from QiAnXin also released a GIF that demonstrates this vulnerability.
We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait for our Blackhat talk. https://t.co/heHeiTCsbQ
- zhiniang peng (@edwardzpeng), June 29, 2021
Unfortunately, it's too late: the PoC code on GitHub had already been forked multiple times, and we can expect threat actors to attempt to exploit this issue to break into networks.
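The mitigation quoted above (disabling the Spooler service), as an added PowerShell example that is not code from the original post or from the researchers. The function name `Set-SpoolerMitigation` is hypothetical, and an elevated session on Windows PowerShell 5 or later is assumed.

```powershell
# Added example: report the Print Spooler state on the local host and,
# with -Disable, stop the service and prevent it from starting again.
# Set-SpoolerMitigation is a hypothetical name, not a built-in cmdlet.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [switch]$Disable   # without this switch the function only reports
    )

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output 'Spooler service is not present on this host.'
        return
    }

    # The host is still exposed if the service is running now or is
    # allowed to start later (StartType other than Disabled).
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Status    = $svc.Status
        StartType = $svc.StartType
        Exposed   = ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled')
    }

    if ($Disable -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
        # Stopping alone is not enough: a Manual or Automatic service
        # can be started again, so the startup type is changed as well.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        Set-Service  -Name Spooler -StartupType Disabled -ErrorAction Stop

        # Re-read the service to confirm the change took effect.
        Get-Service -Name Spooler | Select-Object Name, Status, StartType
    }
}

Set-SpoolerMitigation              # report only
# Set-SpoolerMitigation -Disable   # stop and disable; prompts for confirmation
```

Disabling the service stops all printing from and through the host, so on print servers the Windows update is the option that keeps printing available.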