PrintNightmare

PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system.^[2][5] The vulnerability occurred within the print spooler service.^[6][7] There were two variants, one permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675).^[7][8] A third vulnerability (CVE-2021-34481) was announced July 15, 2021, and upgraded to remote code execution by Microsoft in August.^[9][10]

PrintNightmare

CVE identifiers	CVE-2021-1675 CVE-2021-34527 CVE-2021-34481
Date discovered	June 29, 2021; 4 years ago (2021-06-29)
Date patched	July 6, 2021; 4 years ago (2021-07-06)[1]
Discoverer	Sangfor[2][3]
Affected software	Microsoft Windows 7, 8, 8.1, 10, 11 Microsoft Windows Server 2008, 2012, 2012 R2, 2016, 2019, 2022[4]

On July 6, 2021, Microsoft started releasing out-of-band (unscheduled) patches attempting to address the vulnerability.^[11] Due to its severity, Microsoft released patches for Windows 7, for which support had ended in January 2020.^[11][12] The patches resulted in some printers ceasing to function.^[13][14] Researchers have noted that the vulnerability has not been fully addressed by the patches.^[15] After the patch is applied, only administrator accounts on Windows print server will be able to install printer drivers.^[16] Part of the vulnerability related to the ability of non-administrators to install printer drivers on the system, such as shared printers on system without sharing password protection.^[16]

The organization which discovered the vulnerability, Sangfor, published a proof of concept in a public GitHub repository.^[3][17] Apparently published in error, or as a result of a miscommunication between the researchers and Microsoft, the proof of concept was deleted shortly after.^[3][18] However, several copies have since appeared online.^[3]

See also

• BlueKeep
• EternalBlue