Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12213
HistoryJul 01, 2021 - 12:00 a.m.

KLA12213 RCE vulnerability in Microsoft Windows

2021-07-0100:00:00
Kaspersky Lab
threats.kaspersky.com
120

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.7%

JSON

A remote code execution vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

CVE-2021-34527

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2021-34527 critical

KB list

5004948

5004945

5004958

5004954

5004950

5004956

5004960

5004947

5005575

5007215

5008212

5018427

5019959

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Windows 7 for 32-bit Systems Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows 10 Version 21H1 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows Server 2012Windows RT 8.1Windows 10 Version 1909 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows 7 for x64-based Systems Service Pack 1Windows 8.1 for x64-based systemsWindows Server 2008 for 32-bit Systems Service Pack 2Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 21H1 for x64-based SystemsWindows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 20H2 for ARM64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 8.1 for 32-bit systemsWindows Server 2012 (Server Core installation)Windows 10 Version 21H1 for 32-bit SystemsWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 20H2 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server, version 2004 (Server Core installation)Windows Server, version 20H2 (Server Core Installation)Windows 10 Version 1809 for x64-based Systems

References

Related

mskb 20
githubexploit 30
msrc 8
nessus 12
ics 5
threatpost 7
cisa_kev 1
thn 10
kaspersky 1
hivepro 3
cisa 4
checkpoint_advisories 1
openvas 1
krebs 2
vulnrichment 1
kitploit 2
cvelist 1
malwarebytes 5
pentestpartners 1
mscve 2
attackerkb 3
talosblog 2
cve 1
cert 1
rapid7blog 8
packetstorm 1
prion 1
securelist 5
metasploit 1
nvd 1
qualysblog 9
trellix 2
avleonov 2
mskb
mskb
July 6, 2021—KB5004953 (Monthly Rollup) Out-of-band
2021-07-01 07:00:00
July 6, 2021—KB5004946 (OS Build 18363.1646) Out-of-band
2021-07-02 00:00:00
July 6, 2021—KB5004950 (OS Build 10240.18969) Out-of-band - EXPIRED
2021-07-01 07:00:00
githubexploit
githubexploit
Exploit for Improper Privilege Management in Microsoft
2021-07-09 09:22:03
Exploit for Improper Privilege Management in Microsoft
2023-04-07 20:14:31
Exploit for Improper Privilege Management in Microsoft
2021-07-05 20:02:50
msrc
msrc
Out-of-Band (OOB) Security Update available for CVE-2021-34527
2021-07-06 23:36:00
Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability
2021-07-09 01:00:42
Out-of-Band (OOB) Security Update available for CVE-2021-34527
2021-07-06 07:00:00
nessus
nessus
KB5004959: Windows Server 2008 OOB Security Update RCE (July 2021)
2021-07-08 00:00:00
KB5004946: Windows 10 1909 OOB Security Update RCE (July 2021)
2021-07-08 00:00:00
KB5004945: Windows 10 2004 / 20H2 / 21H1 OOB Security Update RCE (July 2021)
2021-07-08 00:00:00
ics
ics
Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
2022-05-02 12:00:00
#StopRansomware: Vice Society
2022-09-08 12:00:00
#StopRansomware: Vice Society
2022-09-08 12:00:00
threatpost
threatpost
TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
2021-10-15 18:05:29
Microsoft Releases Emergency Patch for PrintNightmare Bugs
2021-07-07 10:55:02
Microsoft: Unpatched Bug in Windows Print Spooler
2021-07-16 11:57:53
cisa_kev
cisa_kev
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
2021-11-03 00:00:00
thn
thn
Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web
2022-07-05 07:06:00
FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
2022-03-16 13:29:00
How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare
2021-07-08 09:32:00
kaspersky
kaspersky
KLA12214 RCE vulnerability in Microsoft Products (ESU)
2021-07-01 00:00:00
hivepro
hivepro
Russian threat actors leveraging misconfigured multifactor authentication to exploit PrintNightmare vulnerability
2022-03-18 13:58:03
Are you a victim of the Conti Ransomware?
2021-09-23 13:47:51
Emergency patches have been released by Microsoft for PrintNightmare
2021-07-08 13:50:55
cisa
cisa
CISA Issues Emergency Directive on Microsoft Windows Print Spooler
2021-07-13 00:00:00
Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols
2022-03-15 00:00:00
Microsoft Releases Out-of-Band Security Updates for PrintNightmare
2021-07-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Windows Print Spooler Remote Code Execution (CVE-2021-34527)
2021-07-08 00:00:00
openvas
openvas
Microsoft Windows Print Spooler RCE Vulnerability (KB5005010, PrintNightmare)
2021-07-09 00:00:00
krebs
krebs
Microsoft Issues Emergency Patch for Windows Flaw
2021-07-07 14:34:59
Microsoft Patch Tuesday, July 2021 Edition
2021-07-13 21:41:47
vulnrichment
vulnrichment
CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
2021-07-02 21:25:11
kitploit
kitploit
Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux
2023-03-21 11:30:00
SpoolSploit - A Collection Of Windows Print Spooler Exploits Containerized With Other Utilities For Practical Exploitation
2021-10-07 11:30:00
cvelist
cvelist
CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
2021-07-02 21:25:11
malwarebytes
malwarebytes
PrintNightmare 0-day can be used to take over Windows domain controllers
2021-07-01 14:08:26
UPDATED: Patch now! Emergency fix for PrintNightmare released by Microsoft
2021-07-07 14:17:31
Microsoft’s PrintNightmare continues, shrugs off Patch Tuesday fixes
2021-08-12 11:30:26
pentestpartners
pentestpartners
Black Basta ransomware
2023-06-28 05:11:34
mscve
mscve
Windows Print Spooler Remote Code Execution Vulnerability
2021-07-01 07:00:00
Windows Print Spooler Remote Code Execution Vulnerability
2021-06-08 07:00:00
attackerkb
attackerkb
CVE-2021-35211
2021-07-13 00:00:00
CVE-2021-34527 "PrintNightmare"
2021-07-02 00:00:00
CVE-2021-1675
2021-06-08 00:00:00
talosblog
talosblog
PrintNightmare: Here’s what you need to know and Talos’ coverage
2021-07-08 13:25:03
Vice Society Leverages PrintNightmare In Ransomware Attacks
2021-08-12 16:16:46
cve
cve
CVE-2021-34527
2021-07-02 22:15:08
cert
cert
Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx()
2021-06-30 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-up
2021-07-09 17:53:41
Russia-Ukraine Cybersecurity Updates
2022-03-04 14:30:00
CVE-2021-34527 (PrintNightmare): What You Need to Know
2021-06-30 18:15:59
packetstorm
packetstorm
Print Spooler Remote DLL Injection
2022-05-25 00:00:00
prion
prion
Remote code execution
2021-07-02 22:15:00
securelist
securelist
Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)
2021-07-08 05:00:06
Kaspersky Managed Detection and Response: interesting cases
2021-12-15 10:00:42
IT threat evolution Q3 2021
2021-11-26 12:00:36
metasploit
metasploit
Print Spooler Remote DLL Injection
2022-05-16 18:56:46
nvd
nvd
CVE-2021-34527
2021-07-02 22:15:08
qualysblog
qualysblog
Microsoft Windows Print Spooler RCE Vulnerability (PrintNightmare-CVE-2021-34527) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®
2021-07-07 23:30:23
Conti Ransomware
2021-11-18 17:17:56
Ransomware Insights from the FBI’s 2021 Internet Crime Report
2022-05-04 09:40:56
trellix
trellix
Beyond Memory Corruption Vulnerabilities – A Security Extinction and Future of Exploitation
2022-01-24 00:00:00
Beyond Memory Corruption Vulnerabilities – A Security Extinction and Future of Exploitation
2022-01-24 00:00:00
avleonov
avleonov
Last Week’s Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape
2021-07-05 15:19:07
Last Week’s Security news: PrintNightmare patches and Metasploit, Kaseya CVEs, Morgan Stanley Accellion FTA, Cisco BPA and WSA, Philips Vue PACS, CISA RVAs, Lazarus job offers
2021-07-11 20:52:51

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.7%

JSON
Related for KLA12213
mskb20githubexploit30msrc8nessus12ics5threatpost7cisa_kev1thn10kaspersky1hivepro3cisa4checkpoint_advisories1openvas1krebs2vulnrichment1kitploit2cvelist1malwarebytes5pentestpartners1mscve2attackerkb3talosblog2cve1cert1rapid7blog8packetstorm1prion1securelist5metasploit1nvd1qualysblog9trellix2avleonov2