Last week, researchers published details of the technique (PoC) that accidentally exposed a critical Windows Print Spooler vulnerability, also known as PrintNightmare, that could allow users to access corporate networks. Although a hotfix has been released for the vulnerability, the vast majority of users have not yet downloaded and installed the patch. Although the exploit was quickly removed from GitHub, some users were able to quickly download and republish the technique.
Following this, PrintNightmare became available to cybercriminals with a normal user account to take control of a vulnerable server or client that runs the Windows Print Spooler service. The vulnerability gives the attacker the opportunity to distribute and install malicious programs on the victim’s computer, including vulnerable domain controllers, steal stored data, and create new accounts with full user rights.
After the first version of the PoC exploit became public, researchers began releasing other versions of the exploit. The PrintNightmare vulnerability is also exploited in new modules for frameworks such as Mimikatz and Metasploit. In conclusion, Kaspersky experts predict that the number of attempts to gain access to corporate resources using the PrintNightmare exploit will increase, accompanied by new risks of ransomware and data theft.
Kaspersky Security Specialist Evgeny Lopatin says: “This vulnerability is really serious because it allows cybercriminals to access other computers on an organization’s network. Since the exploit is public, many scammers will take advantage of it. Therefore, we urge all users to apply the latest security updates for Windows.”
Experts protect against attacks that exploit these vulnerabilities and detect malicious attempts by: