Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)

Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). Both vulnerabilities can be used by an attacker with a regular user account to take control of a vulnerable server or client machine that runs the Windows Print Spooler service. This service is enabled by default on all Windows clients and servers, including domain controllers.

Kaspersky products protect against attacks leveraging these vulnerabilities. The following detection names are used:

  • HEUR:Exploit.Win32.CVE-2021-1675.
  • HEUR:Exploit.Win32.CVE-2021-34527.
  • HEUR:Exploit.MSIL.CVE-2021-34527.
  • HEUR:Exploit.Script.CVE-2021-34527.
  • HEUR:Trojan-Dropper.Win32.Pegazus.gen
  • PDM:Exploit.Win32.Generic
  • PDM:Trojan.Win32.Generic
  • Exploit.Win32.CVE-2021-1675.
  • Exploit.Win64.CVE-2021-1675.

Source: Kaspersky

Related story: Microsoft’s incomplete PrintNightmare patch fails to fix vulnerability