Microsoft released an out-of-band patch to address a vulnerability referred to as PrintNightmare, which allows remote threat actors to take over vulnerable systems. There are a number of proof-of-concept exploit scripts, along with reports of in-the-wild exploitation. Satnam Narang, Staff Research Engineer at Tenable, shared his thoughts on PrintNightmare:
“PrintNightmare (CVE-2021-34527) is a critical remote code execution vulnerability in the Windows Print Spooler. The reason why it warrants attention is because of its ubiquity across organizations and the prospect that attackers could exploit this flaw in order to take over a domain controller.
“While we do not know with certainty why Microsoft chose to publish this as an out-of-band patch, we suspect the availability of a number of proof-of-concept exploit scripts along with reports of in-the-wild exploitation contributed to this decision. We expect it will only be a matter of time before it is more broadly incorporated into attacker toolkits.
“PrintNightmare will remain a valuable exploit for cybercriminals as long as there are unpatched systems out there, and as we know, unpatched vulnerabilities have a long shelf life for attackers.
“Now that Microsoft has released patches, organizations are strongly encouraged to apply the patches as soon as possible, especially as attackers incorporate readily available PoC exploit scripts into their toolkits.” — Satnam Narang, Staff Research Engineer, Tenable