“PrintNightmare” is a recently discovered vulnerability in the Print Spooler Windows service, a service that is enabled by default on all Windows machines. It is a Remote Code Execution (RCE) vulnerability capable of being used to attack any server or workstation with the Print Spooler service enabled. Since this vulnerability essentially enables any user or person on the internal network to fully compromise the domain by exploiting a domain controller, it has rapidly escalated to critical status and requires an immediate response from organizations. It took Microsoft about 10 days to release security patches for all Windows versions against this vulnerability, and these patches are effective under certain circumstances, which I will cover later.

Supposedly, after revealing the vulnerability details to Microsoft nearly a year ago and believing it had since been resolved, security researchers Zhipeng Huo, Piotr Madej and Yunhai Zhang decided to publish their work, including a proof-of-concept (PoC). They went on to share their findings on the vulnerability, indicating that it was CVE-2021-1675. There are questions as to how this happened.

Microsoft addressed a Print Spooler vulnerability assigned CVE-2021-1675 as part of the June 2021 security updates. Initially it was classified as a low-severity vulnerability allowing Local Privilege Escalation (LPE). Then on June 21st, Microsoft changed the classification after it was discovered that the flaw allows RCE as well. Unfortunately, we now know the vulnerability exploited by the PoC was not CVE-2021-1675.

The PoC was found to be effective against servers patched with the June 2021 updates under certain circumstances, including domain controllers running with default configurations. Although the researchers deleted their PoC from GitHub, it had already been forked, which led to many more public PoCs. This led to it being included in tools like the well-known Mimikatz tool.