While Microsoft released two security updates to fix various PrintNightmare vulnerabilities, another vulnerability publicly disclosed by security researcher Benjamin Delpy still allowed threat actors to quickly gain SYSTEM privileges simply by connecting to a remote print server.Īs demonstrated below, Delpy's vulnerability abused the CopyFiles directive to copy and execute malicious DLL using SYSTEM privileges when a user installed a remote printer. This vulnerability exploits the Windows Point and Print feature to perform remote code execution and gain local SYSTEM privileges. In June, a zero-day Windows print spooler vulnerability dubbed PrintNightmare (CVE-2021-34527) was accidentally disclosed. Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |