A PoC (Proof-of-Concept) of a critical Windows vulnerability was published on GitHub this week and taken down within hours, but the code had already been copied and continues to pop up on forums regardless.

CVE-2021-1675, called PrintNightmare by security researchers, is a vulnerability that can be used for remote code execution.

Microsoft initially released a patch for this vulnerability, but as more security researchers tested the PoC code, it became clear that fully patched systems still cannot stop the RCE portion of the vulnerability.

It’s important to note that some researchers see CVE-2021-1675 as something different from PrintNightmare, since a flaw was discovered after the initial CVE-2021-1675 vulnerability was patched.

Threat actors who exploit this vulnerability can perform complete takeovers of your networks. They must first authenticate as a domain user, but once that is done, full access may follow.

PrintNightmare may allow local privilege escalation and remote code execution through the Spooler service inside Windows networks. This is done by exploiting the RpcAddPrinterDriver call, which enables a DLL to be downloaded onto the system, or through an already-escalated user. Researchers explain that most Windows systems have the Spooler service active, which is what makes this vulnerability so important to businesses. It only takes one set of credentials to potentially give threat actors the ability to gain remote code execution.

SpearTip’s engineers recommend addressing this vulnerability immediately.
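One immediate, reversible step a defender can take is to inventory where the Spooler service is running and disable it on hosts that do not need to print or share printers (print servers and anything sharing a printer should be left alone and patched instead). The PowerShell below is an added example, not SpearTip's tooling; it assumes WinRM is enabled on the target hosts, that the caller has local administrator rights there, and that the host names are constructed placeholders.

```powershell
# Added example (not SpearTip's code): inventory the Print Spooler service and,
# on hosts that share no printers, stop and disable it as a stopgap until patched.
# Assumes WinRM is enabled on the targets and the caller has local admin rights.

function Get-SpoolerState {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Host           = $env:COMPUTERNAME
            Status         = if ($svc) { $svc.Status.ToString() }    else { 'NotInstalled' }
            StartType      = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
            # A host that shares a printer needs the service; keep it on and patch it instead
            SharesPrinters = [bool](Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared)
        }
    }
}

function Disable-Spooler {
    param([string[]]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        # Stop the running instance, then prevent it from starting again at boot
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
        Get-Service  -Name Spooler |
            Select-Object @{ n = 'Host'; e = { $env:COMPUTERNAME } }, Status, StartType
    }
}

# Usage: review the inventory first, then disable only where nothing is shared.
$hosts = @('WS01', 'WS02', 'PRINTSRV01')   # constructed placeholder host names
$state = Get-SpoolerState -ComputerName $hosts
$state | Format-Table -AutoSize

$candidates = $state |
    Where-Object { $_.Status -eq 'Running' -and -not $_.SharesPrinters } |
    Select-Object -ExpandProperty Host
if ($candidates) { Disable-Spooler -ComputerName $candidates }
```

Re-run Get-SpoolerState after patching and again on a schedule, since a reimaged or newly joined host will come back with the service enabled by default.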

With SpearTip’s Security Operations Center as a Service, this vulnerability would be an afterthought for your organization. The trained engineers within our 24/7/365 Security Operations Center work in a continuous investigative cycle to properly protect our partners. When a zero-day vulnerability is put on our radar, we immediately begin the process of ensuring the networks containing the Spooler service are patched and monitored.

In addition to our human intelligence and response capabilities for vulnerabilities, our ShadowSpear® platform, a proprietary endpoint detection and response tool, will spot and stop malicious threats in their tracks before they can ever reach your machines. This combination of high-powered security technology and human intellect provides organizations with everything they need to prevent breaches and protect critical company assets. There is no other security service in the industry that brings this much value to your organization, so get ahead of the competition and ensure your business operates without worrying about the constant threats.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.