An exploit called „PrintNightmare“ is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as „critical“ as it can lead to remote code execution.
Microsoft releases a bunch of security updates for its software each month, but sometimes, bugs still slip through the cracks and are publicly reported. This has happened once again as the United States Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a critical Windows Print Spooler vulnerability that Microsoft is actively investigating. The exploit is known as „PrintNightmare“ in cybersecurity spheres and CISA has described it as critical as it can lead to remote code execution (RCE). The CERT Coordination Center is tracking it under VU#383432 and explains that the problem happens because the Windows Print Spooler service does not restrict access to the RpcAddPrinterDriverEx() function, which means that an attacker who has been remotely authenticated can utilize it to run arbitrary code.
