MADRID, 2 Jul. (Portaltic/EP) –
Microsoft has taken from a vulnerability that affects the Windows spooler service, that still does not have a patch to correct it, and that allows a cybercriminal to execute remote code with which to access data or install software on the affected computer.
PrintNightmare is the name of the vulnerability discovered by Sangfor researchers, who informed Microsoft of its presence in the Windows spooler service. However, and in what is understood as a communication error, also published a proof of concept (PoC) of the ‘exploit’ with which to take advantage of said vulnerability, which was eliminated shortly after.
This vulnerability, collected on its website with the code CVE-2021-34527, allows an attacker to remote code execution with elevation of system privileges, which would allow you not only install programs, but also access data, modify or delete it, it is included create new user accounts with all privilegesios.
The technology company indicates that it is an “evolving” situation, which they are currently investigating, and although there is currently no patch that corrects this vulnerability, it urges to check if users have installed the security update distributed last 8 of June.