iTnews

Researchers accidentally publish 'PrintNightmare' Stuxnet-style zero-day

By Juha Saarinen on Jul 1, 2021 10:53AM

Users advised to disable Print Spooler service on Windows.

Researchers from a Hong Kong-based security vendor accidentally published a proof-of-concept for a new and unpatched vulnerability affecting the Print Spooler service on all current versions of Windows, sparking concerns that ransomware criminals could add the bug to their arsenals.

The exploit allows for both local privilege escalation and remote code execution and was published on GitHub by researchers from Sangfor ahead of their presentation at the Black Hat security conference.

It appears the Sangfor researchers wrongly thought their proof-of-concept referred to a recently patched critical Windows Print Spooler service vulnerability, CVE-2021-1675, which carries a Common Vulnerability Scoring System (CVSS) version 3.0 base score of 7.8 out of 10.

However, other researchers tried out Sangfor's proof-of-concept on patched Windows systems, and discovered it still worked.

After realising this, Sangfor's researchers deleted the technical details and proof-of-concept code from GitHub.

We deleted the POC of PrintNightmare. To mitigate this vulnerability, please update Windows to the latest version, or disable the Spooler service. For more RCE and LPE in Spooler, stay tuned and wait our Blackhat talk. https://t.co/heHeiTCsbQ

— zhiniang peng (@edwardzpeng) June 29, 2021

The proof-of-concept code is already being circulated, with some security researchers calling it a zero-day exploit that can be used to take over Active Directory domain controllers.

Currently, exploitation of the vulnerability for remote code execution appears to require authentication. 
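The article's mitigation advice, and the Sangfor tweet above, come down to "patch, or disable the Print Spooler service". The script below is an added example for carrying that out across a fleet; it is not code from the article, from Sangfor or from Microsoft. It assumes an elevated Windows PowerShell 5.1 session, WinRM remoting enabled on the target hosts, and that the $Targets list is replaced with your own host names (the default 'localhost' is a placeholder). It inventories the Spooler service on each host and, when run with -Disable, stops and disables it only on hosts that are domain controllers or that share no printers, so that an actual print server is reported rather than silently broken.

```powershell
# Added example: inventory and optionally disable the Print Spooler service.
# Not code from the article, Sangfor or Microsoft. Assumes Windows PowerShell 5.1,
# WinRM enabled on remote hosts, and that $Targets is replaced with real host names.
param(
    [string[]]$Targets = @('localhost'),   # placeholder host list
    [switch]$Disable                        # without this, the script only reports
)

$probe = {
    param([bool]$Disable)

    $svc = Get-Service -Name Spooler -ErrorAction Stop
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem

    # Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary.
    # Domain controllers have no business running Spooler, so they are always eligible.
    $isDC = $cs.DomainRole -in 4, 5

    # A host that shares printers is acting as a print server; stopping Spooler there
    # breaks client printing, so it is reported but left running.
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object { $_.Shared }).Count

    $action = 'none'
    if ($Disable -and $svc.Status -ne 'Stopped' -and ($isDC -or $shared -eq 0)) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
        $action = 'disabled'
    }

    # Re-read the service so the report reflects the post-change state.
    $svc = Get-Service -Name Spooler
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        IsDC           = $isDC
        SharedPrinters = $shared
        SpoolerStatus  = $svc.Status
        StartType      = $svc.StartType
        Action         = $action
    }
}

$results = foreach ($t in $Targets) {
    if ($t -eq 'localhost') {
        & $probe $Disable.IsPresent
    } else {
        Invoke-Command -ComputerName $t -ScriptBlock $probe -ArgumentList $Disable.IsPresent
    }
}

$results | Format-Table -AutoSize
```

Run it once without -Disable to see which hosts are domain controllers, which are print servers, and which have Spooler running for no reason; then run it again with -Disable. Hosts reported with SharedPrinters greater than zero need the vendor patch rather than this workaround.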

Serious vulnerabilities have long plagued the Windows Print Spooler service, which was added to the operating system in the mid-90s.

I've published a vulnerability note on this. I suspect that Microsoft will need to issue a new CVE to capture what PrintNightmare exploits, as it sure isn't what Microsoft patched as CVE-2021-1675. https://t.co/c7Durfn4BL

— Will Dormann (@wdormann) June 30, 2021

The best-known was a zero-day Print Spooler vulnerability used by Stuxnet in the 2010 attack on Iran's nuclear fuel enrichment programme, which damaged uranium centrifuges and set back the country's nuclear weapons ambitions.

Copyright © iTnews.com.au . All rights reserved.