A new and unpatched Zero-day exploit has just been released, along with Proof-of-Concept code, which grants attackers full Remote  Code Execution capabilities on fully patched Windows Print Spooler devices.

The hack, called PrintNightmare, was accidentally released by Chinese security company Sangfor, who confused it with a similar Print Spooler exploit which Microsoft has already patched.

PrintNightmare however is effective on fully patched Windows Server 2019 machines and allows attacker code to run with full privileges.

The main mitigating factor is that hackers need some (even low-privilege) credentials for the network, but for enterprise networks, these can be easily purchased for around $3.

This means corporate networks are again extremely vulnerable to (especially ransomware) attacks, with security researchers recommending companies disable their Windows Print Spoolers.

Read more about the issue at BleepingComputer here.

Comments