
Microsoft Confirms PrintNightmare Flaw Affecting Windows Print Spooler

All Windows versions are affected by the PrintNightmare zero-day, which is actively being exploited following an accidental PoC leak.


Microsoft is cautioning Windows users about a vulnerability located in Windows Print Spooler. Deemed a critical flaw, the bug is known as PrintNightmare and Microsoft has confirmed two CVEs for the problem.

Discovered by security researchers at Sangfor, the issue escalated when the group accidentally sent out the proof-of-concept (PoC). Armed with the knowledge of how to exploit the flaw, threat actors could engage in remote code execution attacks to gain system-level privileges.

Considering the potential, this is a critical flaw, although Microsoft has yet to officially rate the bug. Sangfor insists the leak of the PoC was an accident. It seems the company believed a patch already existed for the vulnerability.

The confusion comes from Microsoft rolling out fixes for other flaws in Windows Print Spooler this month. Sangfor deleted the test but it had already been forked and put online, including on Microsoft's own GitHub.

Microsoft Confirmation

After several days, Microsoft has now confirmed PrintNightmare and written about it. Microsoft is warning about the zero-day and says it is already being exploited in the wild. With a successful attack, an attacker could control a system, including creating accounts, gaining full admin access, changing information, installing programs, and viewing or copying files.

“Microsoft is aware of and investigating a remote code execution vulnerability that affects Windows Print Spooler and has assigned CVE-2021-34527 to this vulnerability. This is an evolving situation and we will update the CVE as more information is available.

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.”

Microsoft points out the flaw affects almost all versions of the Windows platform, another sign this is a critical vulnerability. The company is now working on a patch. In the meantime, Microsoft suggests disabling Windows Print Spooler or inbound remote printing.
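The two interim mitigations named above can be audited and applied from an elevated PowerShell session. The script below is an added example, not code from the article or from Microsoft; the function names are hypothetical, and the policy registry path and value are not given in the article (they are the ones that back the Group Policy setting "Allow Print Spooler to accept client connections").

```powershell
#Requires -RunAsAdministrator
# Added example: report and apply the two interim mitigations for PrintNightmare.
# Assumption (not from the article): this policy value backs the Group Policy
# "Allow Print Spooler to accept client connections"; 2 means disabled.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    $svc    = Get-Service -Name Spooler
    $policy = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName `
                   -ErrorAction SilentlyContinue).$PolicyName
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        SpoolerStatus         = $svc.Status
        SpoolerStartType      = $svc.StartType
        RemotePrintingBlocked = ($policy -eq 2)
        # True when neither of the two mitigations is in place.
        NeedsMitigation       = ($svc.Status -eq 'Running' -and $policy -ne 2)
    }
}

function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('DisableService', 'BlockInboundRemotePrinting')]
        [string]$Mode
    )
    switch ($Mode) {
        'DisableService' {
            # Stops all printing on this machine, local and remote.
            if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
                Stop-Service -Name Spooler -Force
                Set-Service -Name Spooler -StartupType Disabled
            }
        }
        'BlockInboundRemotePrinting' {
            # Local printing keeps working; the host stops acting as a print server.
            if ($PSCmdlet.ShouldProcess($PolicyKey, "Set $PolicyName = 2, restart Spooler")) {
                if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
                New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 `
                    -PropertyType DWord -Force | Out-Null
                Restart-Service -Name Spooler -Force
            }
        }
    }
    Get-SpoolerExposure   # Report the resulting state.
}

Get-SpoolerExposure
```

Run `Set-SpoolerMitigation -Mode DisableService -WhatIf` first to preview the change without applying it.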


Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
