Microsoft has issued an emergency software update to quash a security bug that’s been dubbed “PrintNightmare,”. This is a critical vulnerability affecting all versions of windows which is exploited actively.
Making sense of #PrintNightmare. A flowchart to help understand exploitation of CVE-2021-34527.
Tim Mackey , Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
July 8, 2021 12:03 pm
<p><span lang=\"EN-US\">Whenever there is a new security disclosure, it should be assumed that knowledge of how to exploit the weaknesses in the disclosure is known. It should also be understood that once information is published online that it will be cloned or copied by someone else. PoCs of exploitable security issues are commonly posted after the security disclosure and associated patches are made public. Publication is a normal process because those details might allow other security researchers to identify other paths to exploitation that might also need patching. For users, the best thing they can do to avoid falling victim is to patch their Windows systems promptly.</span></p>
<p><span lang=\"EN-US\">Whenever there is a new security disclosure, it should be assumed that knowledge of how to exploit the weaknesses in the disclosure is known. It should also be understood that once information is published online that it will be cloned or copied by someone else. PoCs of exploitable security issues are commonly posted after the security disclosure and associated patches are made public. Publication is a normal process because those details might allow other security researchers to identify other paths to exploitation that might also need patching. For users, the best thing they can do to avoid falling victim is to patch their Windows systems promptly.</span></p>