Microsoft confirms presence of PrintNightmare vulnerable code in all versions of Windows

Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as “PrintNightmare” and confirmed that the offending code is lurking in all versions of Windows.

The megacorp said it was still investigating whether the vulnerability was exploitable in every version, but domain controllers are indeed affected.

Microsoft also confirmed that this nasty was distinct from CVE-2021-1675, which was all about a different attack vector and a different vulnerability in RpcAddPrinterDriverEx(). The June 2021 Security update dealt with that, according to Microsoft, and did not introduce the new badness. That had existed prior to the update.

Read more…
Source: The Register