PrintNightmare (CVE-2021-34527)

PrintNightmare is the Windows Print Spooler RCE that became the most widely disclosed vulnerability on the internet in mid-2021.

Definition

PrintNightmare (CVE-2021-34527) is a remote code execution vulnerability in the Windows Print Spooler service. The exploit invokes the `RpcAddPrinterDriverEx` RPC and supplies a malicious driver DLL, which the Print Spooler loads with SYSTEM privileges. The disclosure history is unusually messy: the original CVE-2021-1675 was patched as a privilege-escalation issue, but the actual fix was incomplete and the wider RCE story was disclosed publicly before Microsoft issued a corrected patch.

Impact

Domain-wide privilege escalation; widely exploited.

Mitigation

Apply all subsequent Print Spooler patches. Disable the Print Spooler service on systems that don't need printing. Restrict the `PointAndPrint` policy.
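
An added example, not part of the original entry: a read-only PowerShell audit that reports whether the Spooler service is disabled and whether the Point and Print policy is in its restrictive state. The registry path and value names come from Microsoft's Point and Print guidance rather than from this page, and treating an unset `RestrictDriverInstallationToAdministrators` as not hardened is a conservative assumption.

```powershell
# Read-only audit of the host-level mitigations; changes nothing on the system.
# Registry path and value names are from Microsoft's Point and Print guidance,
# not from this page.
$PnpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-SpoolerState {
    # On hosts that never print, the service should be stopped AND disabled.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Check = 'Spooler service'; Value = 'absent'; Hardened = $true }
    }
    [pscustomobject]@{
        Check    = 'Spooler service'
        Value    = "$($svc.Status) / $($svc.StartType)"
        Hardened = ($svc.Status -ne 'Running' -and $svc.StartType -eq 'Disabled')
    }
}

function Get-PointAndPrintState {
    # Want = restrictive value. AbsentOk = $true where an unset value already
    # means "prompt and elevate". Assumption: an unset
    # RestrictDriverInstallationToAdministrators is reported as not hardened,
    # because its effective default depends on the installed patch level.
    $expected = @(
        @{ Name = 'NoWarningNoElevationOnInstall';              Want = 0; AbsentOk = $true  }
        @{ Name = 'UpdatePromptSettings';                       Want = 0; AbsentOk = $true  }
        @{ Name = 'RestrictDriverInstallationToAdministrators'; Want = 1; AbsentOk = $false }
    )
    $props = Get-ItemProperty -Path $PnpKey -ErrorAction SilentlyContinue
    foreach ($e in $expected) {
        $present = $props -and ($props.PSObject.Properties.Name -contains $e.Name)
        $value   = if ($present) { $props.($e.Name) } else { $null }
        [pscustomobject]@{
            Check    = "PointAndPrint\$($e.Name)"
            Value    = if ($present) { $value } else { 'not set' }
            Hardened = if ($present) { $value -eq $e.Want } else { $e.AbsentOk }
        }
    }
}

$report = @(Get-SpoolerState) + @(Get-PointAndPrintState)
$report | Format-Table -AutoSize
if ($report.Hardened -contains $false) {
    Write-Warning 'At least one PrintNightmare mitigation is not in its hardened state.'
}
```

A host that legitimately needs printing will show the Spooler row as not hardened; there the patch level and the three policy rows are the controls that matter.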
