Details of VAR-202107-1010

ID

VAR-202107-1010

CVE

CVE-2021-34527

TITLE

Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx()

Trust: 0.8

sources: CERT/CC: VU#383432

DESCRIPTION

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ): <ul> <li>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint</li> <li>NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)</li> <li>UpdatePromptSettings = 0 (DWORD) or not defined (default setting)</li> </ul> Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design. UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also <a href="https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7">KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates</a>. Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527. . Print Spooler The service is a service for realizing the waiting for printing in printing. RpcAddPrinterDriverEx() The function is used by the above services to install the printer driver. Parameters DRIVER_CONTAINER Objects and parameters dwFileCopyFlags Controls the printer driver to be installed and how to copy files. If you are an authenticated user RpcAddPrinterDriverEx() The function can be executed. Therefore, an attacker who has obtained the authentication information can specify and install the driver on the remote server.By an authenticated remote third party SYSTEM Arbitrary code can be executed with privileges. Windows Print Spooler is a printer spooler for Windows. Microsoft Windows Print Spooler Components 存在安全漏洞，攻击者可以通过该漏洞绕过PfcAddPrinterDriver的安全验证，并在打印服务器中安装恶意的驱动程序。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server, version 1909 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 4.05

sources: NVD: CVE-2021-34527 // CERT/CC: VU#383432 // JVNDB: JVNDB-2021-001967 // CNVD: CNVD-2021-48426 // CNNVD: CNNVD-202107-137 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-34527

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-48426

AFFECTED PRODUCTS

vendor:	microsoft	model:	windows server	scope:	eq	version:	2016	Trust: 2.4
vendor:	microsoft	model:	windows server r2 for x64-based systems service pack	scope:	eq	version:	20081	Trust: 1.2
vendor:	microsoft	model:	windows server r2	scope:	eq	version:	2012	Trust: 1.2
vendor:	microsoft	model:	windows server	scope:	eq	version:	2019	Trust: 1.2
vendor:	microsoft	model:	windows server for 32-bit systems servicepack	scope:	eq	version:	20082	Trust: 1.2
vendor:	microsoft	model:	windows 10 1809	scope:	lt	version:	10.0.17763.2029	Trust: 1.0
vendor:	microsoft	model:	windows 11 22h2	scope:	lt	version:	10.0.22621.674	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	r2	Trust: 1.0
vendor:	microsoft	model:	windows server 20h2	scope:	lt	version:	10.0.19042.1083	Trust: 1.0
vendor:	microsoft	model:	windows 7	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2016	scope:	lt	version:	10.0.14393.4470	Trust: 1.0
vendor:	microsoft	model:	windows 10 21h2	scope:	lt	version:	10.0.19044.1415	Trust: 1.0
vendor:	microsoft	model:	windows rt 8.1	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2022	scope:	lt	version:	10.0.20348.230	Trust: 1.0
vendor:	microsoft	model:	windows 10 22h2	scope:	lt	version:	10.0.19045.2251	Trust: 1.0
vendor:	microsoft	model:	windows 10 20h2	scope:	lt	version:	10.0.19042.1083	Trust: 1.0
vendor:	microsoft	model:	windows server 2019	scope:	lt	version:	10.0.17763.2029	Trust: 1.0
vendor:	microsoft	model:	windows 10 1607	scope:	lt	version:	10.0.14393.4470	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	r2	Trust: 1.0
vendor:	microsoft	model:	windows 11 21h2	scope:	lt	version:	10.0.22000.318	Trust: 1.0
vendor:	microsoft	model:	windows 8.1	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows 10 1507	scope:	lt	version:	10.0.10240.18969	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	-	Trust: 1.0
vendor:	マイクロソフト	model:	microsoft windows rt 8.1	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2016	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2012	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 8.1	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 7	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 10	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2008	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2019	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	windows	scope:	eq	version:	7	Trust: 0.6
vendor:	microsoft	model:	windows windows server	scope:	eq	version:	2012	Trust: 0.6
vendor:	microsoft	model:	windows	scope:	eq	version:	8.1	Trust: 0.6
vendor:	microsoft	model:	windows rt sp0	scope:	eq	version:	8.1	Trust: 0.6
vendor:	microsoft	model:	windows	scope:	eq	version:	101607	Trust: 0.6
vendor:	microsoft	model:	windows for 32-bit systems	scope:	eq	version:	10	Trust: 0.6
vendor:	microsoft	model:	windows server	scope:	eq	version:	2012	Trust: 0.6
vendor:	microsoft	model:	windows version for x64-based systems	scope:	eq	version:	101809	Trust: 0.6
vendor:	microsoft	model:	windows version for arm64-based systems	scope:	eq	version:	101809	Trust: 0.6
vendor:	microsoft	model:	windows version for 32-bit systems	scope:	eq	version:	101809	Trust: 0.6
vendor:	microsoft	model:	windows	scope:	eq	version:	101909	Trust: 0.6
vendor:	microsoft	model:	windows windows	scope:	eq	version:	101607	Trust: 0.6
vendor:	microsoft	model:	windows server for x64-based systems servicepack	scope:	eq	version:	20082	Trust: 0.6
vendor:	microsoft	model:	windows windows for x64-based systems	scope:	eq	version:	10	Trust: 0.6
vendor:	microsoft	model:	windows server 20h2	scope:	-	version:	-	Trust: 0.6
vendor:	microsoft	model:	windows server	scope:	eq	version:	1909	Trust: 0.6
vendor:	microsoft	model:	windows 20h2 for arm64-based systems	scope:	eq	version:	10	Trust: 0.6
vendor:	microsoft	model:	windows 20h2 for 32-bit systems	scope:	eq	version:	10	Trust: 0.6
vendor:	microsoft	model:	windows 20h2 for x64-based systems	scope:	eq	version:	10	Trust: 0.6
vendor:	microsoft	model:	windows for x64-based systems	scope:	eq	version:	102004	Trust: 0.6
vendor:	microsoft	model:	windows for arm64-based systems	scope:	eq	version:	102004	Trust: 0.6
vendor:	microsoft	model:	windows for 32-bit systems	scope:	eq	version:	102004	Trust: 0.6
vendor:	microsoft	model:	windows 21h1 for 32-bit systems	scope:	eq	version:	10	Trust: 0.6
vendor:	microsoft	model:	windows 21h1 for arm64-b	scope:	eq	version:	10	Trust: 0.6

sources: CNVD: CNVD-2021-48426 // JVNDB: JVNDB-2021-001967 // NVD: CVE-2021-34527

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-34527
value:	HIGH
Trust: 1.0
secure@microsoft.com:	CVE-2021-34527
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2021-001967
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-48426
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202107-137
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-34527
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-48426
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULMON:	CVE-2021-34527
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
IPA:	JVNDB-2021-001967
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-48426 // VULMON: CVE-2021-34527 // JVNDB: JVNDB-2021-001967 // CNNVD: CNNVD-202107-137 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34527 // NVD: CVE-2021-34527

PROBLEMTYPE DATA

problemtype:

CWE-269

Trust: 1.0

sources: NVD: CVE-2021-34527

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-137

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-137 // CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-34527

PATCH

title:	CVE-2021-34527 \| Windows Print Spooler Remote Code Execution Vulnerability	url:	https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b	Trust: 0.8
title:	Patch for Microsoft Windows Print Spooler code execution vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/277186	Trust: 0.6
title:	Multiple Microsoft Product code injection vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155832	Trust: 0.6
title:	Introduction Installation Usage Dependencies Features Does it require elevated privileges? References Screenshot	url:	https://github.com/0xirison/printnightmare-patcher	Trust: 0.2
title:	PowerShell Assign-CalendarPermission.ps1: Clear-ExternalDrive.ps1: Confirm-PrintNightmare.ps1: Get-MailboxReport.ps1: Get-NetworkDriveReport.ps1: New-JabberCSV.ps1: Remove-DeletedGroup.ps1: CreateADUser: OneDrive:	url:	https://github.com/adampumphrey/powershell	Trust: 0.2
title:	Check Point Security Alerts: Microsoft Windows Print Spooler Remote Code Execution (CVE-2021-34527)	url:	https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts&qid=93893ce22c8de5424f0b5d48db7fc253	Trust: 0.1
title:	CVE-2021-34527 - PrintNightmare LPE (PowerShell)	url:	https://github.com/johnhammond/cve-2021-34527	Trust: 0.1
title:	CVE-2021-34527 - PrintNightmare LPE (PowerShell)	url:	https://github.com/cyb3rpeace/cve-2021-34527	Trust: 0.1
title:	https://github.com/hackerhouse-opensource/hackerhouse-opensource	url:	https://github.com/hackerhouse-opensource/hackerhouse-opensource	Trust: 0.1
title:	Welcome to our PrintNightmare exploit Capstone writeup. What even is "PrintNightmare"? Detection Damage Control & the Recovery Process Once a System has been Compromised Mitigation and Isolation Reproduction of the exploit Related Links	url:	https://github.com/crtaylor315/legendary-invention	Trust: 0.1
title:	Welcome to our PrintNightmare exploit Capstone writeup. What even is "PrintNightmare"? Detection Damage Control & the Recovery Process Once a System has been Compromised Mitigation and Isolation Reproduction of the exploit Related Links	url:	https://github.com/crtaylor315/printnightmare-before-halloween	Trust: 0.1
title:	CVE-2021-34527 - PrintNightmare LPE (PowerShell)	url:	https://github.com/sh7alward/cve-20121-34527-nightmare	Trust: 0.1
title:	CVE-2021-34527-1675	url:	https://github.com/cnoxx1/cve-2021-34527-1675	Trust: 0.1
title:	PrintNightmare CVE-2021-34527	url:	https://github.com/powershellpr0mpt/printnightmare-cve-2021-34527	Trust: 0.1
title:	HardeningKitty	url:	https://github.com/scipag/hardeningkitty	Trust: 0.1
title:	Invoke-PrinterNightmareCheck	url:	https://github.com/wiredpulse/invoke-printernightmareresponse	Trust: 0.1
title:	CVE-2021-34527	url:	https://github.com/hackerhouse-opensource/cve-2021-34527	Trust: 0.1
title:	It Was All A Dream Why? Alternatives Installation Usage Credits	url:	https://github.com/byt3bl33d3r/itwasalladream	Trust: 0.1
title:	https://github.com/CanaanGM/cap_ze_flag	url:	https://github.com/canaangm/cap_ze_flag	Trust: 0.1
title:	CVE-2021-34527-PrintNightmare-Workaround	url:	https://github.com/geekbrett/cve-2021-34527-printnightmare-workaround	Trust: 0.1
title:	Powershell serviceflipper script for Spool service	url:	https://github.com/floridop/serviceflipper	Trust: 0.1
title:	CVE-2021-34527 PrintNightmare PoC 👾	url:	https://github.com/d0rb/cve-2021-34527	Trust: 0.1
title:	PowerShell-Scripts	url:	https://github.com/secmk/powershell-scripts	Trust: 0.1
title:	HardeningKitty and Windows 10 Hardening	url:	https://github.com/0x6d69636b/windows_hardening	Trust: 0.1
title:	HardeningKitty	url:	https://github.com/alssi-consulting/hardeningkitty	Trust: 0.1
title:	random-scripts	url:	https://github.com/romarroca/random-scripts	Trust: 0.1
title:	disable-RegisterSpoolerRemoteRpcEndPoint	url:	https://github.com/rdboboia/disable-registerspoolerremoterpcendpoint	Trust: 0.1
title:	It Was All A Dream Why? Alternatives Installation Usage Credits	url:	https://github.com/vk9d/printnightmare	Trust: 0.1
title:	PrintNightmare (CVE-2021-34527)	url:	https://github.com/m8sec/cve-2021-34527	Trust: 0.1
title:	PrintNightmare	url:	https://github.com/synth3sis/printnightmare	Trust: 0.1
title:	CVE	url:	https://github.com/thangnguyenchien/cve	Trust: 0.1
title:	PrintNightmare	url:	https://github.com/tomparte/printnightmare	Trust: 0.1
title:	Printnightmare	url:	https://github.com/eutectico/printnightmare	Trust: 0.1
title:	HardeningKitty and Windows 10 Hardening	url:	https://github.com/jcabrale/windows_hardening	Trust: 0.1
title:	Hacker Arsenal Tookit (HaRT)	url:	https://github.com/init6source/hacker-arsenal-toolkit	Trust: 0.1
title:	PrintNightMareChecker Screenshot	url:	https://github.com/yyhh91/printnightmarechecker	Trust: 0.1
title:	This is a scanner for the service Windows-Print-Spooler in risk Based on CVE-2021-34527 PoC originally created by cube0x0	url:	https://github.com/dywhoami/cve-2021-34527-scanner-based-on-cube0x0-poc	Trust: 0.1
title:	HardeningKitty	url:	https://github.com/adamamicro/cahard	Trust: 0.1
title:	Invoke-PSObfuscation	url:	https://github.com/gh0x0st/invoke-psobfuscation	Trust: 0.1
title:	Offensive Cybersecurity Toolkit	url:	https://github.com/chdav/offensive-cybersec-toolkit	Trust: 0.1
title:	PsFix-CVE-2021-34527	url:	https://github.com/fardinbarashi/psfix-cve-2021-34527	Trust: 0.1
title:	Introduction Installation Usage Dependencies Features Does it require elevated privileges? References Screenshot	url:	https://github.com/0xirison/printernightmare-patcher	Trust: 0.1
title:	This is a scanner for the service Windows-Print-Spooler in risk Based on CVE-2021-34527 PoC originally created by cube0x0	url:	https://github.com/dywhoami/cve-2021-34527-scanner-not-poc-based-cube0x0	Trust: 0.1
title:	Disable-Spooler-Service-PrintNightmare-CVE-2021-34527	url:	https://github.com/vinaysudheer/disable-spooler-service-printnightmare-cve-2021-34527	Trust: 0.1
title:	Trabalho_Grau_B	url:	https://github.com/rafaelwduarte/trabalho_grau_b	Trust: 0.1
title:	CVE-2021-34527	url:	https://github.com/amaranese/cve-2021-34527	Trust: 0.1
title:	PowerShell-PrintNightmare	url:	https://github.com/syntaxbearror/powershell-printnightmare	Trust: 0.1
title:	Invoke-PrinterNightmareCheck	url:	https://github.com/wiredpulse/invoke-printernightmarecheck	Trust: 0.1
title:	HardeningKitty	url:	https://github.com/gokul-c/cis-hardening-windows-l1	Trust: 0.1
title:	printnightmare	url:	https://github.com/glorisonlai/printnightmare	Trust: 0.1
title:	PrintNightmare-Windows Print Spooler RCE/LPE Vulnerability(CVE-2021-34527, CVE-2021-1675)	url:	https://github.com/nathanealm/printnightmare-exploit	Trust: 0.1
title:	CVE-2021-1675 / CVE-2021-34527 Official Guidance (Taken from CVE-2021-34527	url:	https://github.com/denizse/cve-2021-34527	Trust: 0.1
title:	PrintNightmare exploit	url:	https://github.com/outflanknl/printnightmare	Trust: 0.1
title:	SpoolSploit Disclaimer Credits	url:	https://github.com/edsonjt81/spoolsploit	Trust: 0.1
title:	Local Privilege Escalation Edition of CVE-2021-1675/CVE-2021-34527	url:	https://github.com/hlldz/cve-2021-1675-lpe	Trust: 0.1
title:	PrintNightmareCheck	url:	https://github.com/xbufu/printnightmarecheck	Trust: 0.1
title:	CVE-2021-1675 / CVE-2021-34527	url:	https://github.com/cube0x0/cve-2021-1675	Trust: 0.1
title:	SpoolSploit Disclaimer Credits	url:	https://github.com/beetlechunks/spoolsploit	Trust: 0.1
title:	PowerSharpPack	url:	https://github.com/wowter-code/powersharppack	Trust: 0.1
title:	CVE-2021-1675 / CVE-2021-34527	url:	https://github.com/edsonjt81/cve-2021-1675	Trust: 0.1
title:	microsoft-vulnerabilidades Vulnerabilidade de execução remota de código do Spooler de Impressão do Windows CVE-2021-34527 Sinopse Having NoWarningNoElevationOnInstall definido como 1 torna seu sistema vulnerável por design. Soluções alternativas Determinar se o serviço Spooler de Impressão está em execução Opção 1 — Desabilitar o serviço Spooler de Impressão Opção 2 — Desabilitar a impressão remota de entrada por meio da Política de Grupo	url:	https://github.com/alvesnet-suporte/microsoft-vulnerabilidades	Trust: 0.1
title:	CVE-2021-1675 / CVE-2021-34527 Official Guidance (Taken from CVE-2021-34527	url:	https://github.com/denizse/cve-2021-1675	Trust: 0.1
title:	CVE-2021-1675 / CVE-2021-34527	url:	https://github.com/mtthwstffrd/cube0x0-cve-2021-1675	Trust: 0.1
title:	CVE-2021-1675 / CVE-2021-34527	url:	https://github.com/auduongxuan/cve-2022-26809	Trust: 0.1
title:	Windows Print Spooler Service RCE CVE-2021-1675 (PrintNightmare) How to disable the Print Spooler service ? CMD Shell PowerShell Service Control References	url:	https://github.com/ozergoker/printnightmare	Trust: 0.1
title:	SpoolSploit Disclaimer Credits	url:	https://github.com/merlinepedra25/spoolsploit	Trust: 0.1
title:	PrintNightmare (CVE-2021-1675)	url:	https://github.com/corelight/cve-2021-1675	Trust: 0.1
title:	SpoolSploit Disclaimer Credits	url:	https://github.com/yahya950/spoolsploit	Trust: 0.1
title:	CVE-2021-1675 / CVE-2021-34527	url:	https://github.com/galoget/printnightmare-cve-2021-1675-cve-2021-34527	Trust: 0.1
title:	Sponsored by PowerSharpPack	url:	https://github.com/orgtestcodacy11krepos110mb/repo-9265-powersharppack	Trust: 0.1
title:	PrintNightmare	url:	https://github.com/ly4k/printnightmare	Trust: 0.1
title:	Invoke-BuildAnonymousSMBServer	url:	https://github.com/3gstudent/invoke-buildanonymoussmbserver	Trust: 0.1
title:	PrintNightmare	url:	https://github.com/retr0-13/printnightmare	Trust: 0.1
title:	awesome-c-sharp	url:	https://github.com/uhub/awesome-c-sharp	Trust: 0.1
title:	PowerSharpPack	url:	https://github.com/merlinepedra25/powersharppack	Trust: 0.1
title:	PowerSharpPack	url:	https://github.com/merlinepedra/powersharppack	Trust: 0.1
title:	CNightmare - CVE-2021-1675 POC	url:	https://github.com/d0nkeyk0ng787/printnightmare-poc	Trust: 0.1
title:	PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675)	url:	https://github.com/nemo-wq/cve-2021-1675_cve-2021-34527_printnightmare	Trust: 0.1
title:	CVE-2021-1675 / CVE-2021-34527 Official Guidance (Taken from CVE-2021-34527	url:	https://github.com/denizse/cve-2020-1675	Trust: 0.1
title:	Print Nightmare 分析报告	url:	https://github.com/hahaleyile/my-cve-2021-1675	Trust: 0.1
title:	From Lares Labs: Detection & Remediation Information for CVE-2021-1675 & CVE-2021-34527 Flow Chart Workaround Fix Sysmon Config File Splunk Queries KQL Query for Sentinel / MDE via Olaf Hartong Zeek Observations Carbon Black Hunting Query for CVE-2021-1675 References	url:	https://github.com/laresllc/cve-2021-1675	Trust: 0.1
title:	SpoolSploit Disclaimer Credits	url:	https://github.com/merlinepedra/spoolsploit	Trust: 0.1
title:	Sponsored by PowerSharpPack	url:	https://github.com/oscpname/ad_powersharppack	Trust: 0.1
title:	cyber-ansible	url:	https://github.com/carloslacasa/cyber-ansible	Trust: 0.1
title:	PrintNightmare Credits	url:	https://github.com/raithedavion/printnightmare	Trust: 0.1
title:	CVE-2021-1675 / CVE-2021-34527	url:	https://github.com/eng-amarante/cybersecurity	Trust: 0.1
title:	Printnightmare Safe Tool	url:	https://github.com/ssbhaumik/printnightmare-safetool	Trust: 0.1
title:	https://github.com/p0haku/cve_scraper	url:	https://github.com/p0haku/cve_scraper	Trust: 0.1
title:	Awesome Stars	url:	https://github.com/pluja/stars	Trust: 0.1
title:	PrintNightmare	url:	https://github.com/ollypwn/printnightmare	Trust: 0.1
title:	PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675)	url:	https://github.com/nemo-wq/printnightmare-cve-2021-34527	Trust: 0.1
title:	TryHackMe \| PrintNightmare	url:	https://github.com/r1skkam/printnightmare	Trust: 0.1
title:	Sponsored by PowerSharpPack	url:	https://github.com/61106960/clipysharppack	Trust: 0.1
title:	Sponsored by PowerSharpPack	url:	https://github.com/s3cur3th1ssh1t/powersharppack	Trust: 0.1
title:	RedCsharp	url:	https://github.com/boh/redcsharp	Trust: 0.1
title:	CVE-2021-34527_mitigation	url:	https://github.com/widespreadpandemic/cve-2021-34527_acl_mitigation	Trust: 0.1
title:	EVTX to MITRE Att@ck	url:	https://github.com/mdecrevoisier/evtx-to-mitre-attack	Trust: 0.1
title:	CVE-2021-34527_mitigation	url:	https://github.com/widespreadpandemic/cve-2021-34527_mitigation	Trust: 0.1
title:	RDP Breaker Tool	url:	https://github.com/royalboy2000/coderdpbreaker	Trust: 0.1
title:	https://github.com/glshnu/PrintNightmare	url:	https://github.com/glshnu/printnightmare	Trust: 0.1
title:	SharpKatz	url:	https://github.com/b4rtik/sharpkatz	Trust: 0.1
title:	INTRODUCTION TO ACTIVE DIRECTORY Introduction to Active Directory Enumeration & Attacks	url:	https://github.com/gecr07/htb-academy	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/07/16/spooler_service_local_privilege_escalation/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/07/07/printnightmare_patched/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/07/07/printnightmare_fix_fail/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/07/02/printnightmare_cve/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2022/03/16/russia-attack-ngo-mfa-printnightmare/	Trust: 0.1

sources: CNVD: CNVD-2021-48426 // VULMON: CVE-2021-34527 // JVNDB: JVNDB-2021-001967 // CNNVD: CNNVD-202107-137

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34527	Trust: 3.9
db:	CERT/CC	id:	VU#383432	Trust: 2.2
db:	PACKETSTORM	id:	167261	Trust: 1.7
db:	JVN	id:	JVNVU96262037	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001967	Trust: 0.8
db:	CNVD	id:	CNVD-2021-48426	Trust: 0.6
db:	PACKETSTORM	id:	165024	Trust: 0.6
db:	CS-HELP	id:	SB2021070204	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022050084	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-137	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULMON	id:	CVE-2021-34527	Trust: 0.1

sources: CERT/CC: VU#383432 // CNVD: CNVD-2021-48426 // VULMON: CVE-2021-34527 // JVNDB: JVNDB-2021-001967 // CNNVD: CNNVD-202107-137 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34527

REFERENCES

url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-34527	Trust: 2.3
url:	http://packetstormsecurity.com/files/167261/print-spooler-remote-dll-injection.html	Trust: 2.3
url:	cve-2021-1675	Trust: 0.8
url:	cve-2021-34527	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu96262037	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34527	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20210705-ms.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2021/at210029.html	Trust: 0.8
url:	https://kb.cert.org/vuls/id/383432	Trust: 0.8
url:	https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability	Trust: 0.8
url:	https://www.kb.cert.org/vuls/id/383432	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021070204	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022050084	Trust: 0.6
url:	https://packetstormsecurity.com/files/165024/printnightmare-vulnerability.html	Trust: 0.6
url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-34527	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.theregister.co.uk/2021/07/07/printnightmare_patched/	Trust: 0.1
url:	https://github.com/hackerhouse-opensource/hackerhouse-opensource	Trust: 0.1
url:	https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2021-1666.html	Trust: 0.1

CREDITS

This document was written by Will Dormann.We have not received a statement from the vendor.

Trust: 0.8

sources: CERT/CC: VU#383432

SOURCES

db:	CERT/CC	id:	VU#383432
db:	CNVD	id:	CNVD-2021-48426
db:	VULMON	id:	CVE-2021-34527
db:	JVNDB	id:	JVNDB-2021-001967
db:	CNNVD	id:	CNNVD-202107-137
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-34527

LAST UPDATE DATE

2024-02-13T01:24:45.306000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#383432	date:	2021-08-03T00:00:00
db:	CNVD	id:	CNVD-2021-48426	date:	2021-07-07T00:00:00
db:	VULMON	id:	CVE-2021-34527	date:	2024-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-001967	date:	2021-07-08T08:31:00
db:	CNNVD	id:	CNNVD-202107-137	date:	2022-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-34527	date:	2024-02-02T17:24:01.260

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#383432	date:	2021-06-30T00:00:00
db:	CNVD	id:	CNVD-2021-48426	date:	2021-07-07T00:00:00
db:	VULMON	id:	CVE-2021-34527	date:	2021-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-001967	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202107-137	date:	2021-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-34527	date:	2021-07-02T22:15:08.757