Security researchers in China have accidentally disclosed a critical Windows zero-day bug, tracked as PrintNightmare.

Shenzhen-based Sangfor Technologies has accidentally leaked the technical details and a proof-of-concept (PoC) exploit for a currently unpatched vulnerability in Windows that allows remote code execution.

The details were released this week after confusion over the status of another Print Spooler vulnerability.

Microsoft patched a high-severity elevation-of-privilege vulnerability, CVE-2021-1675, in its June Patch Tuesday. Last Monday, however, it reclassified the bug as critical after determining that it could enable remote code execution (RCE), without adding any more information.

The researchers at Sangfor assumed that their RCE proof-of-concept affecting Windows Print Spooler targeted the same bug. As CVE-2021-1675 was already patched, they released the details earlier than the intended date of Black Hat USA in August.

Now there is a zero-day in Print Spooler, with domain controller servers particularly at risk. Threat actors who gain remote control of these servers can use them to access enterprise networks.

Even though authentication is necessary, it is an increasingly low bar for attackers, given the volume of breached credentials for RDP and other systems on the dark web.

Sophos principal research scientist Paul Ducklin said that Microsoft could release an out-of-band update to fix this before the July Patch Tuesday.

Users whose servers must leave the Print Spooler running are advised to limit network access to those servers as strictly as possible, even if some users experience temporary inconvenience.

On servers where Print Spooler is not necessary, it should be turned off, even after a patch is available.
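One way to carry out the advice above across several servers is shown in this added PowerShell example, which is not part of the original article: it reports the Print Spooler state on each host and, when asked, stops and disables it everywhere except on designated print servers. The host names are constructed placeholders, and the script assumes PowerShell remoting (WinRM) is enabled and that it runs with administrative rights on the targets.

```powershell
# Added example: audit the Print Spooler service and optionally disable it.
# Host names below are constructed placeholders; supply your own inventory.
param(
    [string[]]$Servers      = @('dc01.example.test', 'app01.example.test'),
    [string[]]$PrintServers = @(),   # hosts that must keep the Spooler running
    [switch]$Disable                 # without this switch the script only reports
)

$report = foreach ($server in $Servers) {
    try {
        # Win32_Service exposes the current state and the configured start mode.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" `
                               -ComputerName $server -ErrorAction Stop
        if (-not $svc) {
            [pscustomobject]@{ Server = $server; State = 'not installed'
                               StartMode = ''; Action = 'none' }
            continue
        }

        $action = 'none'
        if ($server -in $PrintServers) {
            # Spooler stays on here; restrict network access to this host instead.
            $action = 'kept (print server)'
        }
        elseif ($Disable) {
            # Stop the running service and keep it from starting at next boot.
            Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
                Stop-Service -Name Spooler -Force
                Set-Service  -Name Spooler -StartupType Disabled
            }
            $action = 'stopped and disabled'
        }

        [pscustomobject]@{ Server = $server; State = $svc.State
                           StartMode = $svc.StartMode; Action = $action }
    }
    catch {
        # Unreachable hosts are reported so they can be checked by hand.
        [pscustomobject]@{ Server = $server; State = 'unreachable'
                           StartMode = ''; Action = $_.Exception.Message }
    }
}

$report | Sort-Object Server | Format-Table -AutoSize
```

The State and StartMode columns show the values read before any change, so a first run without `-Disable` gives a baseline of where the Spooler is still running.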


The post Windows Zero-Day accidentally disclosed by Chinese Researchers first appeared on Cybersafe News.
