PrintNightmare (CVE-2021-34527)
PrintNightmare is the Windows Print Spooler RCE that became the most widely publicized vulnerability of mid-2021.
Definition
PrintNightmare (CVE-2021-34527) is a remote code execution vulnerability in the Windows Print Spooler service. The exploit invokes the `RpcAddPrinterDriverEx` RPC and supplies a malicious driver DLL, which the Print Spooler loads with SYSTEM privileges. The disclosure history is unusually messy: the original CVE-2021-1675 was patched as a privilege escalation, but the actual fix was incomplete, and the wider RCE story was disclosed publicly before Microsoft issued a corrected patch.
Impact
Domain-wide privilege escalation; widely exploited.
Mitigation
Apply all subsequent Print Spooler patches. Disable the Print Spooler on systems that don't need printing. Restrict the `PointAndPrint` policy.
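
A read-only check for the second and third mitigations above, as an added example that is not part of the original page: it reports whether the Spooler service is running or startable and whether the Point and Print policy values weaken driver-installation prompts. The registry path and value names are those of the Windows Point and Print Restrictions policy; the function name `Get-SpoolerExposure` is hypothetical.

```powershell
# Added example, not from the original page. Read-only audit: changes nothing.
function Get-SpoolerExposure {
    $findings = [System.Collections.Generic.List[string]]::new()

    # Mitigation: disable Print Spooler where printing is not needed.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($svc) {
        if ($svc.Status -eq 'Running') {
            $findings.Add('Spooler service is running')
        }
        if ($svc.StartType -ne 'Disabled') {
            $findings.Add("Spooler start type is '$($svc.StartType)', not 'Disabled'")
        }
    }

    # Mitigation: restrict Point and Print. An absent key or value means the
    # policy is not configured, which leaves the OS default in effect.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $pap = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $read = {
        param($name)
        if ($pap -and $pap.PSObject.Properties[$name]) { $pap.$name } else { $null }
    }

    # 1 = no warning or elevation prompt when installing drivers for a new connection.
    if ((& $read 'NoWarningNoElevationOnInstall') -eq 1) {
        $findings.Add('NoWarningNoElevationOnInstall = 1 (install prompts suppressed)')
    }
    # Non-zero = warning or elevation prompt weakened when updating drivers.
    $update = & $read 'UpdatePromptSettings'
    if ($null -ne $update -and $update -ne 0) {
        $findings.Add("UpdatePromptSettings = $update (update prompts weakened)")
    }
    # 0 = non-administrators may install printer drivers.
    if ((& $read 'RestrictDriverInstallationToAdministrators') -eq 0) {
        $findings.Add('RestrictDriverInstallationToAdministrators = 0 (non-admins can install drivers)')
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        NeedsReview = $findings.Count -gt 0
        Findings    = $findings
    }
}

Get-SpoolerExposure | Format-List
```

A running Spooler on a host that genuinely needs printing is expected; the finding is a prompt to confirm that the host is patched and that the policy values are restrictive.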