Notes
Notes - notes.io |
Impact
This vulnerability enables remote command execution and local privilege escalation, allowing an attacker with valid user credentials to compromise vulnerable Windows hosts. Note that the Windows Print Spooler is also active on domain controllers by default, thus a full domain compromise can be achieved with any valid domain user credentials.
How Was It Discovered?
On June 29, 2021, information about a remotely exploitable vulnerability in the Microsoft Windows Print Spooler service was made public. The vulnerability was originally discovered by security researchers at Sangfor Technologies and responsibly disclosed to Microsoft, as it affects all Windows versions.
What's up With the Double CVE Designation?
The patch, released on June 8, 2021, originally seemed to have addressed this vulnerability but not the fundamental problem that initially allowed this vulnerability to exist. This resulted in a new exploitation technique that bypassed the patch, leading to a brand new CVE — CVE-2021-34527. This vulnerability is similar, but distinct from the vulnerability that is assigned CVE-2021-1675.
Is There a Public Exploit Code Available?
There are multiple versions of functional exploit code available on the internet. Implementations have also been added to popular attack tools like Mimikatz and Metasploit.
So What Is the Actual Vulnerability?
The Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx Windows API call (the underpinning of the Point and Print capability), resulting in the ability to execute code with SYSTEM privileges. The access restriction issue in RpcAddPrinterDriverEx was addressed by a patch. However, security researches discovered an alternative function, RpcAsyncAddPrinterDriver, which is now used in newer exploit versions to bypass the patch entirely and achieve remote code execution as well as local privilege escalation. Ultimately, this vulnerability allows attackers to load a malicious DLL in a Windows host under SYSTEM privileges.
|
|
Notes.io is a web-based application for taking notes. You can take your notes and share with others people. If you like taking long notes, notes.io is designed for you. To date, over 8,000,000,000 notes created and continuing...
With notes.io;
- * You can take a note from anywhere and any device with internet connection.
- * You can share the notes in social platforms (YouTube, Facebook, Twitter, instagram etc.).
- * You can quickly share your contents without website, blog and e-mail.
- * You don't need to create any Account to share a note. As you wish you can use quick, easy and best shortened notes with sms, websites, e-mail, or messaging services (WhatsApp, iMessage, Telegram, Signal).
- * Notes.io has fabulous infrastructure design for a short link and allows you to share the note as an easy and understandable link.
Fast: Notes.io is built for speed and performance. You can take a notes quickly and browse your archive.
Easy: Notes.io doesn’t require installation. Just write and share note!
Short: Notes.io’s url just 8 character. You’ll get shorten link of your note when you want to share. (Ex: notes.io/q )
Free: Notes.io works for 12 years and has been free since the day it was started.
You immediately create your first note and start sharing with the ones you wish. If you want to contact us, you can use the following communication channels;
Email: [email protected]
Twitter: http://twitter.com/notesio
Instagram: http://instagram.com/notes.io
Facebook: http://facebook.com/notesio
Regards;
Notes.io Team
