A free unofficial patch has been released to protect Windows users from all new PrintNightmare zero-day vulnerabilities discovered since June.
Technical details and a proof-of-concept (PoC) exploit for a new Windows print spooler vulnerability named ‘PrintNightmare’ (CVE-2021-34527) were accidentally disclosed in June.
This vulnerability allows remote code execution and local privilege escalation by installing malicious printer drivers.
While Microsoft released a security update for the remote code execution portion, researchers quickly bypassed the local privilege elevation component. Since then, security researcher and Mimikatz creator Benjamin Delpy has been devising further vulnerabilities targeting the print spooler that remain unpatched.
These are critical vulnerabilities as they allow anyone to gain SYSTEM privileges on a local device, even a Domain Controller, simply by connecting to a remote Internet-accessible print server and installing a malicious print driver.
Once a threat actor gains SYSTEM privileges, it is game over for the system. If this is done on a Domain Controller, then the threat actor now effectively controls the Windows Domain.