PrintNightmare, Critical Windows Print Spooler Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow



06/30/2021 05:32 PM EDT

 

Original release date: June 30, 2021

The CERT Coordination Center (CERT/CC) has released a VulNote for a critical remote
code execution vulnerability in the Windows Print spooler service, noting:
“while Microsoft has released an update for CVE-2021-1675, it is important to
realize that this update does not address the public exploits that also identify
as CVE-2021-1675.” An attacker can exploit this vulnerability—nicknamed
PrintNightmare—to take control of an affected system.

CISA encourages administrators to disable the Windows Print spooler service
in Domain Controllers and systems that do not print. Additionally,
administrators should employ the following best practice from Microsoft’s how-to
guides, published January 11, 2021: “Due to the possibility for exposure,
domain controllers and Active Directory admin systems need to have the Print
spooler service disabled. The recommended way to do this is using a Group
Policy Object.”
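
One way to check the recommendation above across all domain controllers, as an added example that is not part of the CISA notice or Microsoft's guide: the script reports the Spooler service state on each DC and, only when asked, stops and disables it. It assumes the RSAT ActiveDirectory module, CIM/WinRM access to each DC and service-management rights; the `-Remediate` switch is a name chosen for this example, and a Group Policy Object remains the recommended way to enforce the setting.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not part of the CISA notice. Assumes the RSAT ActiveDirectory
# module, CIM/WinRM reachability to each DC, and rights to manage services.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate   # name chosen for this example: also stop and disable
)

$query = "SELECT * FROM Win32_Service WHERE Name='Spooler'"
$dcs   = (Get-ADDomainController -Filter *).HostName

$report = foreach ($dc in $dcs) {
    $row = [ordered]@{ Computer = $dc; State = $null; StartMode = $null; Action = 'None' }
    try {
        $svc = Get-CimInstance -ComputerName $dc -Query $query -ErrorAction Stop
        if (-not $svc) {
            $row.State = 'NotPresent'
        }
        else {
            $exposed = $svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled'
            if ($exposed -and $Remediate -and
                $PSCmdlet.ShouldProcess($dc, 'Stop and disable Print Spooler')) {
                # Disable first so the service cannot be restarted, then stop it.
                $r = Invoke-CimMethod -ComputerName $dc -Query $query `
                        -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' } -ErrorAction Stop
                if ($svc.State -ne 'Stopped') {
                    $null = Invoke-CimMethod -ComputerName $dc -Query $query -MethodName StopService -ErrorAction Stop
                }
                $row.Action = if ($r.ReturnValue -eq 0) { 'Disabled' } else { "ChangeStartMode returned $($r.ReturnValue)" }
                # Re-read the service so the report shows the post-change state.
                $svc = Get-CimInstance -ComputerName $dc -Query $query -ErrorAction Stop
            }
            elseif ($exposed) {
                $row.Action = 'Needs remediation'
            }
            $row.State     = $svc.State
            $row.StartMode = $svc.StartMode
        }
    }
    catch {
        # Covers unreachable hosts and failed CIM calls alike.
        $row.State  = 'Error'
        $row.Action = $_.Exception.Message
    }
    [pscustomobject]$row
}

$report | Sort-Object Computer | Format-Table -AutoSize
```

Run it without switches for a read-only report; add `-Remediate -WhatIf` to preview which DCs would be changed before applying.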