CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.967 High
Percentile: 99.5%
Windows Print Spooler Remote Code Execution Vulnerability
Recent assessments:
kevthehermit at June 30, 2021 1:53pm UTC reported:
This was originally classified as a Local Priv Escalation; however, recent POC code has been released that enabled a domain authenticated user to remotely escalate to SYSTEM on vulnerable services.
There are several functional exploits available on GitHub after the initial repository was removed by the authors.
<https://github.com/afwu/PrintNightmare> – A Windows binary exploit
<https://github.com/cube0x0/CVE-2021-1675> – Python3 using a modified version of impacket
Initial testing shows that the patches released are not sufficient to stop this exploit. It has been tested in Server 2016 and Server 2019.
Disabling the print spooler can prevent exploitation.
Event logs can be found for both successful and non-successful exploit attempts in some situations.
Sigma rules can be found: <https://github.com/SigmaHQ/sigma/pull/1592>
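
The spooler mitigation named in the assessment above, as an added example that is not part of the original assessments or of any referenced project: a PowerShell function that reports the Print Spooler state per host and, with `-Disable`, stops and disables it. The function name `Set-SpoolerMitigation` and its output fields are hypothetical; remote hosts are assumed to be reachable over CIM/WinRM.

```powershell
# Added example: audit the Print Spooler service and optionally disable it.
# Function name and output fields are hypothetical; host names come from the caller.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [switch]$Disable
    )
    foreach ($computer in $ComputerName) {
        # Query the local host directly; remote hosts need CIM/WinRM access.
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }
        $query = @{ ClassName = 'Win32_Service'; Filter = "Name='Spooler'" }
        try {
            $svc = Get-CimInstance @query @target -ErrorAction Stop
        } catch {
            [pscustomobject]@{ Computer = $computer; State = 'Unreachable'
                StartMode = $null; SpoolerRunning = $null; Action = $_.Exception.Message }
            continue
        }
        if (-not $svc) {
            [pscustomobject]@{ Computer = $computer; State = 'NotInstalled'
                StartMode = $null; SpoolerRunning = $false; Action = 'None' }
            continue
        }
        $action = 'None'
        $needsChange = ($svc.State -eq 'Running') -or ($svc.StartMode -ne 'Disabled')
        if ($Disable -and $needsChange -and
            $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
            $results = @()
            if ($svc.State -eq 'Running') {
                $stop = Invoke-CimMethod -InputObject $svc -MethodName StopService @target
                $results += "StopService=$($stop.ReturnValue)"
            }
            # Disable the start mode so the service does not come back after a reboot.
            $mode = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
                -Arguments @{ StartMode = 'Disabled' } @target
            $results += "ChangeStartMode=$($mode.ReturnValue)"
            $action = $results -join ' '          # return value 0 means success
            $svc = Get-CimInstance @query @target  # re-read the state after the change
        }
        [pscustomobject]@{ Computer = $computer; State = $svc.State
            StartMode = $svc.StartMode; SpoolerRunning = ($svc.State -eq 'Running')
            Action = $action }
    }
}

# Report only, then preview the change on the local host:
Set-SpoolerMitigation
Set-SpoolerMitigation -Disable -WhatIf
```

Disabling the service stops printing on that host, so run the report-only form first and apply `-Disable` where printing is not required.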
andretorresbr at July 02, 2021 2:37am UTC reported:
architect00 at July 01, 2021 1:46pm UTC reported:
NinjaOperator at June 29, 2021 5:55pm UTC reported:
ccondon-r7 at July 01, 2021 1:43pm UTC reported:
Assessed Attacker Value: 5
packetstormsecurity.com/files/163349/Microsoft-PrintNightmare-Proof-Of-Concept.html
packetstormsecurity.com/files/163351/PrintNightmare-Windows-Spooler-Service-Remote-Code-Execution.html
packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1675
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675
www.kb.cert.org/vuls/id/383432