According to Microsoft, this is a code execution flaw within Windows Print Spooler that gives incorrect file privileges. It has been given the ID number CVE-2021-36958 and has the following official description: “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” Microsoft is noting this problem as a remote code execution (RCE) vulnerability. However, some people disagree, including CERT’s Will Dormann, who told Bleeping Computer “it’s clearly local (LPE)”. Interesting, Microsoft also describes the flaw as a local privilege escalation in the documentation. It could just be an accident on Microsoft’s part. By the way, the company says a fix is being worked on but until then it is time to turn off the Windows Print Spooler once again.

PrintNightmare

PrintNightmare started as From an exploit PoC accidentally leaking online in June, to Microsoft later issuing an emergency out of band patch. PrintNightmare was spotted by security researchers at Sangfor, the flaw became active when the group accidentally released the proof-of-concept (PoC). This gave attackers the knowledge of how to exploit the flaw, meaning they could conduct remote execution code attacks to gain system-level privileges. Print Spooler is a service on Windows that runs by default. It is also an older component of the platform, which means all Windows versions are affected. Tip of the day: By default, the most used apps group in your start menu shows the six most frequently used apps. However, you can customize your Windows 10 Start Menu to exclude certain apps from the list or get rid of the most used apps section entirely.

Microsoft Confirms PrintNightmare is Back with New Windows Print Spooler Flaw - 47Microsoft Confirms PrintNightmare is Back with New Windows Print Spooler Flaw - 89Microsoft Confirms PrintNightmare is Back with New Windows Print Spooler Flaw - 39Microsoft Confirms PrintNightmare is Back with New Windows Print Spooler Flaw - 72Microsoft Confirms PrintNightmare is Back with New Windows Print Spooler Flaw - 59