Microsoft on Thursday officially confirmed that the “PrintNightmare” remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw.
The company is tracking the security weakness under the identifier CVE-2021-34527, and has assigned it a severity rating of 8.8 on the CVSS scoring system. All versions of Windows contain the vulnerable code and are susceptible to exploitation.
“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft said in its advisory. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
“An attack must involve an authenticated user calling RpcAddPrinterDriverEx(),” the Redmond-based firm added. When reached by The Hacker News, the company said it had nothing to share beyond the advisory.
The acknowledgment comes after researchers from Hong Kong-based cybersecurity company Sangfor published a technical deep-dive of a Print Spooler RCE flaw to GitHub, along with fully working PoC code, before it was taken down just hours after it went up.
The disclosures also set off speculation and…