An emergency patch Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said.
The threat, colloquially known as PrintNightmare, stems from bugs in the Windows print spooler, which provides printing functionality inside local networks. Proof-of-concept exploit code was publicly released and then pulled back, but not before others had copied it. Researchers track the vulnerability as CVE-2021-34527.
Attackers can exploit it remotely when print capabilities are exposed to the Internet. Attackers can also use it to escalate system privileges once they’ve used a different vulnerability to gain a toe-hold inside of a vulnerable network. In either case, the adversaries can then gain control of the domain controller, which as the server that authenticates local users, is one of the most security-sensitive assets on any Windows network.
“It's the biggest deal I've dealt with in a very long time,” said Will Dormann, a senior vulnerability analyst at the CERT Coordination Center, a nonprofit United States federally funded project that researches software bugs and works with business and government to improve security. “Any time there's public exploit code for an unpatched vulnerability that can compromise a Windows domain controller, that's bad news.”