What has happened?
With the June 2021 security update Microsoft fixed a vulnerability (CVE-2021-1675) in the Windows Print Spooler Service that allowed for Privilege Escalation (LPE) and Remote Code Execution (RCE).
On June 29th exploit code for this vulnerability was published by a security researcher as PoC but then quickly removed as it was clear that the PoC did not address the vulnerability that Microsoft has fixed. Unfortunately the PoC code was already being actively shared at this moment. So for now, we have a 0-day RCE in the Windows Print Spooler Service for which exploit code is available.
Continue reading “Vulnerability advisory: PrintNightmare/CVE-2021-34527 Zero-day Exploit Code Available – What to do now?”