PrintNightmare

PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system. The vulnerability occurred within the print spooler service. There were two variants, one permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675). A third vulnerability (CVE-2021-34481) was announced July 15, 2021, and upgraded to remote code execution by Microsoft in August.

On July 6, 2021, Microsoft started releasing out-of-band (unscheduled) patches attempting to address the vulnerability. Due to its severity, Microsoft released patches for Windows 7, for which support had ended in January 2020. The patches resulted in some printers ceasing to function. Researchers have noted that the vulnerability has not been fully addressed by the patches. After the patch is applied, only administrator accounts on a Windows print server are able to install printer drivers. Part of the vulnerability related to the ability of non-administrators to install printer drivers on the system, such as shared printers on systems without sharing password protection.

The organization which discovered the vulnerability, Sangfor, published a proof of concept in a public GitHub repository. Apparently published in error, or as a result of a miscommunication between the researchers and Microsoft, the proof of concept was deleted shortly after. However, several copies have since appeared online.