New Windows Server PrintNightmare Zero-day exploit may be the new Hafnium

by Surur
June 30, 2021

A new and unpatched zero-day exploit has just been released, along with proof-of-concept code, which grants attackers full Remote Code Execution capabilities on fully patched Windows Print Spooler devices.

The hack, called PrintNightmare, was accidentally released by Chinese security company Sangfor, which confused it with a similar Print Spooler exploit that Microsoft has already patched.

PrintNightmare, however, is effective on fully patched Windows Server 2019 machines and allows attacker code to run with full privileges.

The main mitigating factor is that hackers need some (even low-privilege) credentials for the network, but for enterprise networks, these can be easily purchased for around $3.

This means corporate networks are again extremely vulnerable to (especially ransomware) attacks, with security researchers recommending companies disable their Windows Print Spoolers.
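The recommended mitigation above, as an added PowerShell example that is not from the article or from Microsoft: it reports the Print Spooler state on each listed host and, after confirmation, stops and disables the service. The function name `Disable-PrintSpooler`, its parameters, and the assumption that the hosts are reachable over WinRM are illustrative.

```powershell
# Added example: audit and disable the Print Spooler service on a list of hosts.
# Function and parameter names are hypothetical; hosts must be reachable over WinRM.
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName,

        # Hosts that must keep printing (for example print servers) are skipped.
        [string[]]$Exclude = @()
    )

    foreach ($computer in $ComputerName) {
        $result = [ordered]@{ Computer = $computer; State = $null; StartMode = $null; Action = 'None' }

        if ($Exclude -contains $computer) {
            $result.Action = 'Excluded'
            [pscustomobject]$result
            continue
        }

        try {
            # Win32_Service exposes the current state and startup mode of the service.
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" -ComputerName $computer -ErrorAction Stop
        } catch {
            $result.Action = "Query failed: $($_.Exception.Message)"
            [pscustomobject]$result
            continue
        }
        if (-not $svc) {
            $result.Action = 'Spooler service not present'
            [pscustomobject]$result
            continue
        }

        $result.State = $svc.State
        $result.StartMode = $svc.StartMode
        $exposed = ($svc.State -ne 'Stopped') -or ($svc.StartMode -ne 'Disabled')

        if ($exposed -and $PSCmdlet.ShouldProcess($computer, 'Stop and disable Print Spooler')) {
            $stop = 0
            if ($svc.State -ne 'Stopped') {
                $stop = (Invoke-CimMethod -InputObject $svc -ComputerName $computer -MethodName StopService).ReturnValue
            }
            $mode = (Invoke-CimMethod -InputObject $svc -ComputerName $computer -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' }).ReturnValue
            $result.Action = if ($stop -eq 0 -and $mode -eq 0) { 'Disabled' } else { "Failed (stop=$stop, mode=$mode)" }
        } elseif ($exposed) { $result.Action = 'Needs disabling' }
        [pscustomobject]$result
    }
}
```

Running it with `-WhatIf` first lists the hosts that would change (reported as `Needs disabling`) without touching them.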

Read more about the issue at BleepingComputer here.
