vulnerbility — LowEndSpirit https://staging.lowendspirit.com/index.php?p=/ Fri, 05 Jun 2026 16:58:10 +0000 en vulnerbility — LowEndSpirit PrintNightmare CVE-2021-1675 https://staging.lowendspirit.com/index.php?p=/discussion/3079/printnightmare-cve-2021-1675 Thu, 01 Jul 2021 10:45:53 +0000 Technical mikho 3079@/index.php?p=/discussions

PrintNightmare (CVE-2021-1675) is a vulnerability that allows an attacker with a regular user account to take over a server running the Windows Print Spooler service. This is by default running on all Windows servers and clients, including domain controllers, in an Active Directory environment.

In practice, this means that an attacker with a regular domain account can take over the entire Active Directory in a simple step. For example, if a user is compromised with a phishing attack, a threat actor can use the compromised computer to easily take over Active Directory in a matter of seconds (this can also be fully automated).

Source: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allows-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-1675/

Luckily, it looks like there is a workaround that actually works.

The exploit works by dropping a DLL in a subdirectory under C:\Windows\System32\spool\drivers

By restricting the ACLs on this directory (and subdirectories) we can prevent malicious DLLs to be introduced by the print spooler service.

Source: https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/

]]>