The so-called PrintNightmare is a new vulnerability that has raised a lot of concern in the last week, as it affects the Windows Print Spooler, the service that manages the printing process within the operating system. This flaw allows cybercriminals to execute unauthorized code remotely, gaining full control over the entire IT infrastructure.
Initially, this was thought to be related to CVE-2021-1675 (Windows Print Spooler Remote Code Execution Vulnerability), for which patches were released on June 8, 2021. Doubts have since arisen, however, as to whether this is the same bug or a new one. Technology researchers recently published a proof of concept that questions the effectiveness of the measures put in place to fix the problem.
The current remote code execution (RCE) flaw, namely PrintNightmare, is identified as CVE-2021-34527 and has similar characteristics to the previous CVE-2021-1675. Pending a final resolution, Microsoft has suggested partially or completely disabling the Print Spooler service, in order to block access to criminals.
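The following PowerShell sketch is an added example, not code from Endian or Microsoft: it reports whether a host's Print Spooler is still reachable and applies either of the two workarounds mentioned above. The function names are hypothetical, and the sketch assumes an elevated prompt on the Windows host being hardened.

```powershell
# Added example: audit the Print Spooler and apply the partial or complete workaround.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

function Get-SpoolerExposure {
    # Win32_Service reports both the current state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    # Policy "Allow Print Spooler to accept client connections": 2 means disabled.
    $remote = (Get-ItemProperty -Path $PolicyPath -Name RegisterSpoolerRemoteRpcEndPoint `
                   -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint
    $running = ($null -ne $svc) -and ($svc.State -eq 'Running')
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        SpoolerState     = if ($svc) { $svc.State } else { 'NotInstalled' }
        SpoolerStartMode = if ($svc) { $svc.StartMode } else { $null }
        RemoteRpcBlocked = ($remote -eq 2)
        # Exposed over the network only if the service runs and still accepts clients.
        RemotelyExposed  = $running -and ($remote -ne 2)
    }
}

function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet('Partial', 'Complete')][string]$Mode)

    if ($Mode -eq 'Complete') {
        # Complete: no printing at all on this host, local or remote.
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
            Stop-Service -Name Spooler -Force
            Set-Service -Name Spooler -StartupType Disabled
        }
    }
    else {
        # Partial: local printing keeps working, but the host stops acting as a print server.
        if ($PSCmdlet.ShouldProcess('Spooler', 'Block inbound remote printing')) {
            if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
            New-ItemProperty -Path $PolicyPath -Name RegisterSpoolerRemoteRpcEndPoint `
                -PropertyType DWord -Value 2 -Force | Out-Null
            # The policy is only read when the service starts.
            Restart-Service -Name Spooler -Force
        }
    }
    Get-SpoolerExposure
}

# Report the current state; apply a workaround with e.g. Set-SpoolerMitigation -Mode Partial -WhatIf
Get-SpoolerExposure
```

Running `Set-SpoolerMitigation` with `-WhatIf` first shows what would change without touching the service, which is useful on servers where printing is business-critical.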
Endian reacted quickly, creating ad hoc rules to prevent remote attacks that exploit this flaw in Windows systems. Endian's engineers were able to implement a solution to address the problem in a very short time: thanks to the maintenance package, our users will only need to update their Intrusion Prevention rules to achieve an effective defense.
Last July 6, Microsoft released patches to fix the CVE-2021-1675 and CVE-2021-34527 vulnerabilities. At the time of writing, researchers are still investigating whether the solution Microsoft came up with is actually effective in containing the problem.