From:
BigBadBob-at-mrp3-dot-com@testing.local
https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/
"An infosec firm accidentally published a proof-of-concept exploit for a critical Windows print spooler vulnerability that can be abused by rogue
users to compromise Active Directory domain controllers."
"The security hole, tracked as CVE-2021-1675, can be exploited by a low-privileged user to execute code as an administrator on a system
running the print spooler service. Initially Microsoft classified it as
a local privilege escalation flaw in June's Patch Tuesday run of Windows updates – but on 21 June that classification was upped to describe it as
a remote-code execution vuln meaning it can be pulled off over a network."
"by lightly tweaking the proof-of-concept code circulating in the wild,
a malicious or compromised domain-authenticated user could execute code
at the SYSTEM level on, say, a domain controller via the vulnerable
Windows Print Spooler service running on that box. That's bad news."
"CVE-2021-1675 affects Windows Server 2008, Server 2012, Server 2016,
Server 2019, Windows RT, and desktop OSes 7, 8, and 10."
"Informed infosec people" <snip> "have suggested sysadmins should
disable the Windows print spool service on domain controllers as an
immediate mitigation. Some have claimed the Patch Tuesday mitigation
doesn't work."
"It works from any domain user to exploit any network server using print spooler service, which is enabled by default on domain controllers."
The most severe vulnerability was given the nickname "PrintNightmare".
P.O.C. code was inadvertently posted to GitHub, then deleted a day or so
later [but too late, it had been forked and circulated already].
The article recommends immediately patching *AND* disabling the print
spooler service on affected Windows systems.
--
(aka 'Bombastic Bob' in case you wondered)
'Feeling with my fingers, and thinking with my brain' - me
'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"
--- SoupGate-Win32 v1.05
* Origin: www.darkrealms.ca (1:229/2)
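The mitigation the article describes, stopping and disabling the Print Spooler on domain controllers, as an added worked example (this is not code from the article or from the poster). It assumes the RSAT ActiveDirectory module on the admin workstation, PowerShell Remoting (WinRM) reachable on each DC, and an account with local administrator rights there; the DC list default, the report fields and the script parameters are my own choices.

```powershell
# Added example (not from The Register article or the post above).
# Assumptions: RSAT ActiveDirectory module installed locally, WinRM enabled on the
# DCs, and the running account is a local admin on them. Run with -WhatIf first.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Defaults to every DC in the current domain; pass -ComputerName to override.
    [string[]]$ComputerName = (Get-ADDomainController -Filter * |
        Select-Object -ExpandProperty HostName)
)

$report = foreach ($dc in $ComputerName) {
    # Read the current state on the DC itself rather than trusting a cached view.
    $before = Invoke-Command -ComputerName $dc -ScriptBlock {
        Get-Service -Name Spooler -ErrorAction SilentlyContinue |
            Select-Object Status, StartType
    }
    if (-not $before) {
        # Service not installed on this box: nothing to do, but record it.
        [pscustomobject]@{ DC = $dc; Before = 'absent'; After = 'absent' }
        continue
    }

    # Stopping alone is not enough: a service left Automatic/Manual comes back at
    # reboot or on demand, so both stop it and set the start type to Disabled.
    if ($before.Status -eq 'Running' -or $before.StartType -ne 'Disabled') {
        if ($PSCmdlet.ShouldProcess($dc, 'Stop and disable the Spooler service')) {
            Invoke-Command -ComputerName $dc -ScriptBlock {
                Stop-Service -Name Spooler -Force
                Set-Service  -Name Spooler -StartupType Disabled
            }
        }
    }

    # Re-read so the report shows the post-change state as the DC reports it.
    $after = Invoke-Command -ComputerName $dc -ScriptBlock {
        Get-Service -Name Spooler | Select-Object Status, StartType
    }
    [pscustomobject]@{
        DC     = $dc
        Before = "$($before.Status)/$($before.StartType)"
        After  = "$($after.Status)/$($after.StartType)"
    }
}

# Any DC whose After column is not "Stopped/Disabled" still needs attention.
$report | Format-Table -AutoSize
```

Run it once with `-WhatIf` to see which DCs would be touched, then without; the Before/After table is the evidence that the spooler is both stopped and disabled on every DC, which is the state the article's mitigation calls for. Disabling the spooler is a stopgap on top of the patch, not a replacement for it.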