New Windows print spooler zero day exploitable via remote print servers
Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature.
Last month, a security researcher accidentally revealed a zero-day Windows print spooler vulnerability known as PrintNightmare that Microsoft tracks as CVE-2021-34527.
Microsoft released a security update to fix the vulnerability but researchers determined that the patch could be bypassed under certain conditions.
Since the incomplete fix, security researchers have been heavily scrutinizing the Windows printing APIs and have found further vulnerabilities affecting the Windows print spooler.
Security researcher and Mimikatz creator Benjamin Delpy has publicly disclosed a new zero-day vulnerability that allows a threat actor to easily achieve SYSTEM privileges on a Windows machine through a remote print server under their control.
#printnightmare - Episode 4 You know what is better than a Legit Kiwi Printer ? Another Legit Kiwi Printer... No prerequiste at all, you even don't need to sign drivers/package pic.twitter.com/oInb5jm3tE
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/L4IGXEIABZHX7GJ3YYEM5NE35M.jpg)
