As of August 12, there is no patch for CVE-2021-36958. CVE-2021-36958 arises improper file privilege management and allows attackers to execute arbitrary code with SYSTEM-level privileges. Updatesġ2 August 2021: CVE-2021-34527 has been patched, but a new zero-day vulnerability in Windows Print Spooler, CVE-2021-36958, was announced on 11 August 2021. This command can be executed by any user who can authenticate to the Spooler service.
#A personal nightmare dos download driver#
This driver may contain arbitrary code that will be executed with SYSTEM privileges on the victim server. The DRIVER_CONTAINER object is then used within the call to RpcAddPrinterDriver to load the driver. The client then allocates a DRIVER_INFO_2 object and initializes a DRIVER_CONTAINER object that contains the allocated DRIVER_INFO_2 object.
A client uses the RPC call to add a driver to the server, storing the desired driver in a local directory or on the server via SMB. The vulnerability is in the RpcAddPrinterDriver call of the Windows Print Spooler. Therefore, it is expected that in the vast majority of enterprise environments, Windows systems are vulnerable to remote code execution by authenticated attackers. The vulnerable service is enabled by default on Windows Server, with the exception of Windows Server Core.
Rapid7 researchers confirmed that public exploits worked against fully patched Windows Server 2019 installations as of July 1, 2021. As of July 1, at least three different proof-of-concept exploits had been made public. On June 29, 2021, as proof-of-concept exploits for the vulnerability began circulating, security researchers discovered that a vulnerability they thought to be CVE-2021-1675 was still exploitable on some systems that had been patched. Although originally classified as a privilege escalation vulnerability, security researchers have demonstrated that the vulnerability allows authenticated users to gain remote code execution with SYSTEM-level privileges. On June 8, 2021, Microsoft released an advisory and patch for CVE-2021-1675 (“PrintNightmare”), a critical vulnerability in the Windows Print Spooler. Defenders should now follow guidance and remediation information on the new vulnerability identifier, CVE-2021-34527, instead. This was later confirmed, and Microsoft issued a new CVE for what the research community originally thought was CVE-2021-1675. Vulnerability note: This blog originally referenced CVE-2021-1675, but members of the community noted the week of June 29 that the publicly available exploits that purported to exploit CVE-2021-1675 may in fact have been targeting a new vulnerability in the same function as CVE-2021-1675.
0 kommentar(er)
