iTnews

Researchers accidentally publish 'PrintNightmare' Stuxnet-style zero-day

By Juha Saarinen on Jul 1, 2021 10:53AM
Researchers accidentally publish 'PrintNightmare' Stuxnet-style zero-day

Users advised to disable Print Spooler service on Windows.

Researchers from a Hong Kong based security vendor accidentally published a proof-of-concept for a new and unpatched vulnerability affecting the Print Spooler service on all current versions of Windows, sparking concerns that ransomware criminals could add the bug to their arsenals.

The exploit allows for both local privilege escalation and remote code execution and was published on Github by researchers from Sangfor ahead of their presentation at the Black Hat security conference.

It appears the Sangfor researchers wrongly thought their proof-of-concept referred to a recently patched critical Windows Print Spooler service vulnerability, CVE-2021-1675 with a Common Vulnerabilities Scoring System version 3.0 rating of 7.8 out of 10.

However, other researchers tried out Sangfor's proof-of-concept on patched Windows systems, and discovered it still worked.

After realising this, Sangfor's researchers deleted the technical details and proof-of-concept code from Github.

We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ

— zhiniang peng (@edwardzpeng) June 29, 2021

The proof-of-concept code is already being circulated, with some security researchers calling it a zero-day exploit that can be used to take over Active Directory domain controllers.

Currently, exploitation of the vulnerability for remote code execution appears to require authentication. 

Serious vulnerabilities have long plagued the Windows Print Spooler service which was added to the operating system in the mid-90s.

I've published a vulnerability note on this. I suspect that Microsoft will need to issue a new CVE to capture what PrintNightmare exploits, as it sure isn't what Microsoft patched as CVE-2021-1675.https://t.co/c7Durfn4BL

— Will Dormann (@wdormann) June 30, 2021

The most well-known one was a zero-day vulnerability used in an attack on Iran's nuclear fuel enrichment programme in 2010, which damaged uranium centrifuges and set back the country's ambitions to develop fissile weapons.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
active directory lpe microsoft printnightmare security software stuxnet windows

Partner Content

Why your organisation's perimeter cybersecurity model is outdated
Partner Content Why your organisation's perimeter cybersecurity model is outdated
Why encryption is the key to digital fitness, according to Thales
Partner Content Why encryption is the key to digital fitness, according to Thales
Under the pump over sewage leaks, Tasmania Water turns to IoT
Promoted Content Under the pump over sewage leaks, Tasmania Water turns to IoT
New report reveals opportunities to address weak security in APAC organisations
Promoted Content New report reveals opportunities to address weak security in APAC organisations

Sponsored Whitepapers

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Future of work: Support your distributed HR workforce with digital document processes
Future of work: Support your distributed HR workforce with digital document processes
Develop a resiliency strategy that integrates risk analysis & continuity management
Develop a resiliency strategy that integrates risk analysis & continuity management
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
Optimise your operations with APM and AI-Powered insights
Optimise your operations with APM and AI-Powered insights

Events

  • Nutanix .NEXT Conference
  • How a FinTech can maintain agility while addressing Non-Functional requirements and ensuring compliance
By Juha Saarinen
Jul 1 2021
10:53AM
0 Comments

Related Articles

  • Patches released for exploited Windows PrintNightmare bug
  • Microsoft's PrintNightmare patch doesn't work: researchers
  • New ActiveX Windows zero-day exploited: Microsoft alert
  • Researchers patch Microsoft's 'Petitpotam' vulnerability patch
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac replaces branch phone systems with iPhones, Teams Calling
Westpac loses its group head of data and advanced analytics

Westpac loses its group head of data and advanced analytics
NBN Co to charge free fibre recipients that don't stick with higher speed plans

NBN Co to charge free fibre recipients that don't stick with higher speed plans
CBA to rebrand its internal IT organisation

CBA to rebrand its internal IT organisation
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.