var-202107-1010
Vulnerability from variot

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.

In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
  • NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
  • UpdatePromptSettings = 0 (DWORD) or not defined (default setting)

Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.

UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates.

Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.

. Print Spooler The service is a service for realizing the waiting for printing in printing. RpcAddPrinterDriverEx() The function is used by the above services to install the printer driver. Parameters DRIVER_CONTAINER Objects and parameters dwFileCopyFlags Controls the printer driver to be installed and how to copy files. If you are an authenticated user RpcAddPrinterDriverEx() The function can be executed. Therefore, an attacker who has obtained the authentication information can specify and install the driver on the remote server.By an authenticated remote third party SYSTEM Arbitrary code can be executed with privileges. Windows Print Spooler is a printer spooler for Windows. Microsoft Windows Print Spooler Components 存在安全漏洞,攻击者可以通过该漏洞绕过PfcAddPrinterDriver的安全验证,并在打印服务器中安装恶意的驱动程序。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server, version 1909 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1010",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2016"
      },
      {
        "model": "windows server r2 for x64-based systems service pack",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "microsoft",
        "version": "20081"
      },
      {
        "model": "windows server r2",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "microsoft",
        "version": "2012"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "microsoft",
        "version": "2019"
      },
      {
        "model": "windows server for 32-bit systems servicepack",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "microsoft",
        "version": "20082"
      },
      {
        "model": "windows 10 1809",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.17763.2029"
      },
      {
        "model": "windows 11 22h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.22621.674"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "r2"
      },
      {
        "model": "windows server 20h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19042.1083"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 2016",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.14393.4470"
      },
      {
        "model": "windows 10 21h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19044.1415"
      },
      {
        "model": "windows rt 8.1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.20348.230"
      },
      {
        "model": "windows 10 22h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19045.2251"
      },
      {
        "model": "windows 10 20h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19042.1083"
      },
      {
        "model": "windows server 2019",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.17763.2029"
      },
      {
        "model": "windows 10 1607",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.14393.4470"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 2012",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "r2"
      },
      {
        "model": "windows 11 21h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.22000.318"
      },
      {
        "model": "windows 8.1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows 10 1507",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.10240.18969"
      },
      {
        "model": "windows server 2012",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "microsoft windows rt 8.1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server 2016",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server 2012",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows 8.1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows 7",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows 10",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server 2008",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server 2019",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows windows server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2012"
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "model": "windows rt sp0",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101607"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2012"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101809"
      },
      {
        "model": "windows version for arm64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101809"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101809"
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101909"
      },
      {
        "model": "windows windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101607"
      },
      {
        "model": "windows server for x64-based systems servicepack",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "20082"
      },
      {
        "model": "windows windows for x64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows server 20h2",
        "scope": null,
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "1909"
      },
      {
        "model": "windows 20h2 for arm64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows 20h2 for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows 20h2 for x64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "102004"
      },
      {
        "model": "windows for arm64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "102004"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "102004"
      },
      {
        "model": "windows 21h1 for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows 21h1 for arm64-b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.17763.2029",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.19042.1083",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.17763.2029",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.19042.1083",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.10240.18969",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.14393.4470",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.14393.4470",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.20348.230",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.22000.318",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.19044.1415",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.22621.674",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.19045.2251",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This document was written by Will Dormann.We have not received a statement from the vendor.",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-34527",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-48426",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-34527",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001967",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-34527",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2021-34527",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001967",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-48426",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202107-137",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-34527",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\u003cp\u003eA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u003c/p\u003e\n\u003cp\u003eUPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003eIn addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (\u003cstrong\u003eNote\u003c/strong\u003e: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\u003c/li\u003e\n\u003cli\u003eNoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003cli\u003eUpdatePromptSettings = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eHaving NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eUPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also \u003ca href=\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\"\u003eKB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eNote that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as \u201cPrintNightmare\u201d, documented in CVE-2021-34527.\u003c/p\u003e\n. Print Spooler The service is a service for realizing the waiting for printing in printing. RpcAddPrinterDriverEx() The function is used by the above services to install the printer driver. Parameters DRIVER_CONTAINER Objects and parameters dwFileCopyFlags Controls the printer driver to be installed and how to copy files. If you are an authenticated user RpcAddPrinterDriverEx() The function can be executed. Therefore, an attacker who has obtained the authentication information can specify and install the driver on the remote server.By an authenticated remote third party SYSTEM Arbitrary code can be executed with privileges. Windows Print Spooler is a printer spooler for Windows. \nMicrosoft Windows Print Spooler Components \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u8be5\u6f0f\u6d1e\u7ed5\u8fc7PfcAddPrinterDriver\u7684\u5b89\u5168\u9a8c\u8bc1\uff0c\u5e76\u5728\u6253\u5370\u670d\u52a1\u5668\u4e2d\u5b89\u88c5\u6076\u610f\u7684\u9a71\u52a8\u7a0b\u5e8f\u3002\u4ee5\u4e0b\u4ea7\u54c1\u548c\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aWindows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019  (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server, version 1909 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016  (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      },
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      }
    ],
    "trust": 4.05
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-34527",
        "trust": 3.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#383432",
        "trust": 2.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167261",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU96262037",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165024",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021070204",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022050084",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "id": "VAR-202107-1010",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      }
    ]
  },
  "last_update_date": "2024-02-13T01:24:45.306000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2021-34527\u00a0|\u00a0Windows\u00a0Print\u00a0Spooler\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability",
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b"
      },
      {
        "title": "Patch for Microsoft Windows Print Spooler code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/277186"
      },
      {
        "title": "Multiple Microsoft Product code injection vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155832"
      },
      {
        "title": "Introduction\nInstallation\nUsage\nDependencies\nFeatures\nDoes it require elevated privileges?\nReferences\nScreenshot",
        "trust": 0.2,
        "url": "https://github.com/0xirison/printnightmare-patcher "
      },
      {
        "title": "PowerShell\nAssign-CalendarPermission.ps1:\nClear-ExternalDrive.ps1:\nConfirm-PrintNightmare.ps1:\nGet-MailboxReport.ps1:\nGet-NetworkDriveReport.ps1:\nNew-JabberCSV.ps1:\nRemove-DeletedGroup.ps1:\nCreateADUser:\nOneDrive:",
        "trust": 0.2,
        "url": "https://github.com/adampumphrey/powershell "
      },
      {
        "title": "Check Point Security Alerts: Microsoft Windows Print Spooler Remote Code Execution (CVE-2021-34527)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=93893ce22c8de5424f0b5d48db7fc253"
      },
      {
        "title": "CVE-2021-34527 - PrintNightmare LPE (PowerShell)",
        "trust": 0.1,
        "url": "https://github.com/johnhammond/cve-2021-34527 "
      },
      {
        "title": "CVE-2021-34527 - PrintNightmare LPE (PowerShell)",
        "trust": 0.1,
        "url": "https://github.com/cyb3rpeace/cve-2021-34527 "
      },
      {
        "title": "https://github.com/hackerhouse-opensource/hackerhouse-opensource",
        "trust": 0.1,
        "url": "https://github.com/hackerhouse-opensource/hackerhouse-opensource "
      },
      {
        "title": "Welcome to our PrintNightmare exploit Capstone writeup. \nWhat even is \"PrintNightmare\"? \nDetection\nDamage Control \u0026 the Recovery Process Once a System has been Compromised \nMitigation and Isolation\nReproduction of the exploit \nRelated Links",
        "trust": 0.1,
        "url": "https://github.com/crtaylor315/legendary-invention "
      },
      {
        "title": "Welcome to our PrintNightmare exploit Capstone writeup. \nWhat even is \"PrintNightmare\"? \nDetection\nDamage Control \u0026 the Recovery Process Once a System has been Compromised \nMitigation and Isolation\nReproduction of the exploit \nRelated Links",
        "trust": 0.1,
        "url": "https://github.com/crtaylor315/printnightmare-before-halloween "
      },
      {
        "title": "CVE-2021-34527 - PrintNightmare LPE (PowerShell)",
        "trust": 0.1,
        "url": "https://github.com/sh7alward/cve-20121-34527-nightmare "
      },
      {
        "title": "CVE-2021-34527-1675",
        "trust": 0.1,
        "url": "https://github.com/cnoxx1/cve-2021-34527-1675 "
      },
      {
        "title": "PrintNightmare CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/powershellpr0mpt/printnightmare-cve-2021-34527 "
      },
      {
        "title": "HardeningKitty",
        "trust": 0.1,
        "url": "https://github.com/scipag/hardeningkitty "
      },
      {
        "title": "Invoke-PrinterNightmareCheck",
        "trust": 0.1,
        "url": "https://github.com/wiredpulse/invoke-printernightmareresponse "
      },
      {
        "title": "CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/hackerhouse-opensource/cve-2021-34527 "
      },
      {
        "title": "It Was All A Dream\nWhy?\nAlternatives\nInstallation\nUsage\nCredits",
        "trust": 0.1,
        "url": "https://github.com/byt3bl33d3r/itwasalladream "
      },
      {
        "title": "https://github.com/CanaanGM/cap_ze_flag",
        "trust": 0.1,
        "url": "https://github.com/canaangm/cap_ze_flag "
      },
      {
        "title": "CVE-2021-34527-PrintNightmare-Workaround",
        "trust": 0.1,
        "url": "https://github.com/geekbrett/cve-2021-34527-printnightmare-workaround "
      },
      {
        "title": "Powershell serviceflipper script for Spool service",
        "trust": 0.1,
        "url": "https://github.com/floridop/serviceflipper "
      },
      {
        "title": "CVE-2021-34527 PrintNightmare PoC \ud83d\udc7e",
        "trust": 0.1,
        "url": "https://github.com/d0rb/cve-2021-34527 "
      },
      {
        "title": "PowerShell-Scripts",
        "trust": 0.1,
        "url": "https://github.com/secmk/powershell-scripts "
      },
      {
        "title": "HardeningKitty and Windows 10 Hardening",
        "trust": 0.1,
        "url": "https://github.com/0x6d69636b/windows_hardening "
      },
      {
        "title": "HardeningKitty",
        "trust": 0.1,
        "url": "https://github.com/alssi-consulting/hardeningkitty "
      },
      {
        "title": "random-scripts",
        "trust": 0.1,
        "url": "https://github.com/romarroca/random-scripts "
      },
      {
        "title": "disable-RegisterSpoolerRemoteRpcEndPoint",
        "trust": 0.1,
        "url": "https://github.com/rdboboia/disable-registerspoolerremoterpcendpoint "
      },
      {
        "title": "It Was All A Dream\nWhy?\nAlternatives\nInstallation\nUsage\nCredits",
        "trust": 0.1,
        "url": "https://github.com/vk9d/printnightmare "
      },
      {
        "title": "PrintNightmare (CVE-2021-34527)",
        "trust": 0.1,
        "url": "https://github.com/m8sec/cve-2021-34527 "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/synth3sis/printnightmare "
      },
      {
        "title": "CVE",
        "trust": 0.1,
        "url": "https://github.com/thangnguyenchien/cve "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/tomparte/printnightmare "
      },
      {
        "title": "Printnightmare",
        "trust": 0.1,
        "url": "https://github.com/eutectico/printnightmare "
      },
      {
        "title": "HardeningKitty and Windows 10 Hardening",
        "trust": 0.1,
        "url": "https://github.com/jcabrale/windows_hardening "
      },
      {
        "title": "Hacker Arsenal Tookit (HaRT)",
        "trust": 0.1,
        "url": "https://github.com/init6source/hacker-arsenal-toolkit "
      },
      {
        "title": "PrintNightMareChecker\nScreenshot",
        "trust": 0.1,
        "url": "https://github.com/yyhh91/printnightmarechecker "
      },
      {
        "title": "This is a scanner for the service Windows-Print-Spooler in risk\nBased on CVE-2021-34527 PoC originally created by cube0x0",
        "trust": 0.1,
        "url": "https://github.com/dywhoami/cve-2021-34527-scanner-based-on-cube0x0-poc "
      },
      {
        "title": "HardeningKitty",
        "trust": 0.1,
        "url": "https://github.com/adamamicro/cahard "
      },
      {
        "title": "Invoke-PSObfuscation",
        "trust": 0.1,
        "url": "https://github.com/gh0x0st/invoke-psobfuscation "
      },
      {
        "title": "Offensive Cybersecurity Toolkit",
        "trust": 0.1,
        "url": "https://github.com/chdav/offensive-cybersec-toolkit "
      },
      {
        "title": "PsFix-CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/fardinbarashi/psfix-cve-2021-34527 "
      },
      {
        "title": "Introduction\nInstallation\nUsage\nDependencies\nFeatures\nDoes it require elevated privileges?\nReferences\nScreenshot",
        "trust": 0.1,
        "url": "https://github.com/0xirison/printernightmare-patcher "
      },
      {
        "title": "This is a scanner for the service Windows-Print-Spooler in risk\nBased on CVE-2021-34527 PoC originally created by cube0x0",
        "trust": 0.1,
        "url": "https://github.com/dywhoami/cve-2021-34527-scanner-not-poc-based-cube0x0 "
      },
      {
        "title": "Disable-Spooler-Service-PrintNightmare-CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/vinaysudheer/disable-spooler-service-printnightmare-cve-2021-34527 "
      },
      {
        "title": "Trabalho_Grau_B",
        "trust": 0.1,
        "url": "https://github.com/rafaelwduarte/trabalho_grau_b "
      },
      {
        "title": "CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/amaranese/cve-2021-34527 "
      },
      {
        "title": "PowerShell-PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/syntaxbearror/powershell-printnightmare "
      },
      {
        "title": "Invoke-PrinterNightmareCheck",
        "trust": 0.1,
        "url": "https://github.com/wiredpulse/invoke-printernightmarecheck "
      },
      {
        "title": "HardeningKitty",
        "trust": 0.1,
        "url": "https://github.com/gokul-c/cis-hardening-windows-l1 "
      },
      {
        "title": "printnightmare",
        "trust": 0.1,
        "url": "https://github.com/glorisonlai/printnightmare "
      },
      {
        "title": "PrintNightmare-Windows Print Spooler RCE/LPE Vulnerability(CVE-2021-34527, CVE-2021-1675)",
        "trust": 0.1,
        "url": "https://github.com/nathanealm/printnightmare-exploit "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527\nOfficial Guidance (Taken from CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/denizse/cve-2021-34527 "
      },
      {
        "title": "PrintNightmare exploit",
        "trust": 0.1,
        "url": "https://github.com/outflanknl/printnightmare "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/edsonjt81/spoolsploit "
      },
      {
        "title": "Local Privilege Escalation Edition of CVE-2021-1675/CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/hlldz/cve-2021-1675-lpe "
      },
      {
        "title": "PrintNightmareCheck",
        "trust": 0.1,
        "url": "https://github.com/xbufu/printnightmarecheck "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/cube0x0/cve-2021-1675 "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/beetlechunks/spoolsploit "
      },
      {
        "title": "PowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/wowter-code/powersharppack "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/edsonjt81/cve-2021-1675 "
      },
      {
        "title": "microsoft-vulnerabilidades\nVulnerabilidade de execu\u00e7\u00e3o remota de c\u00f3digo do Spooler de Impress\u00e3o do Windows\nCVE-2021-34527\nSinopse\nHaving NoWarningNoElevationOnInstall definido como 1 torna seu sistema vulner\u00e1vel por design.\nSolu\u00e7\u00f5es alternativas\nDeterminar se o servi\u00e7o Spooler de Impress\u00e3o est\u00e1 em execu\u00e7\u00e3o\nOp\u00e7\u00e3o 1 \u2014 Desabilitar o servi\u00e7o Spooler de Impress\u00e3o\nOp\u00e7\u00e3o 2 \u2014 Desabilitar a impress\u00e3o remota de entrada por meio da Pol\u00edtica de Grupo",
        "trust": 0.1,
        "url": "https://github.com/alvesnet-suporte/microsoft-vulnerabilidades "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527\nOfficial Guidance (Taken from CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/denizse/cve-2021-1675 "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/mtthwstffrd/cube0x0-cve-2021-1675 "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/auduongxuan/cve-2022-26809 "
      },
      {
        "title": "Windows Print Spooler Service RCE CVE-2021-1675 (PrintNightmare)\nHow to disable the Print Spooler service ?\nCMD Shell\nPowerShell\nService Control\nReferences",
        "trust": 0.1,
        "url": "https://github.com/ozergoker/printnightmare "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra25/spoolsploit "
      },
      {
        "title": "PrintNightmare (CVE-2021-1675)",
        "trust": 0.1,
        "url": "https://github.com/corelight/cve-2021-1675 "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/yahya950/spoolsploit "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/galoget/printnightmare-cve-2021-1675-cve-2021-34527 "
      },
      {
        "title": "Sponsored by\nPowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/orgtestcodacy11krepos110mb/repo-9265-powersharppack "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/ly4k/printnightmare "
      },
      {
        "title": "Invoke-BuildAnonymousSMBServer",
        "trust": 0.1,
        "url": "https://github.com/3gstudent/invoke-buildanonymoussmbserver "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/retr0-13/printnightmare "
      },
      {
        "title": "awesome-c-sharp",
        "trust": 0.1,
        "url": "https://github.com/uhub/awesome-c-sharp "
      },
      {
        "title": "PowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra25/powersharppack "
      },
      {
        "title": "PowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra/powersharppack "
      },
      {
        "title": "CNightmare - CVE-2021-1675 POC",
        "trust": 0.1,
        "url": "https://github.com/d0nkeyk0ng787/printnightmare-poc "
      },
      {
        "title": "PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675)",
        "trust": 0.1,
        "url": "https://github.com/nemo-wq/cve-2021-1675_cve-2021-34527_printnightmare "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527\nOfficial Guidance (Taken from CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/denizse/cve-2020-1675 "
      },
      {
        "title": "Print Nightmare \u5206\u6790\u62a5\u544a",
        "trust": 0.1,
        "url": "https://github.com/hahaleyile/my-cve-2021-1675 "
      },
      {
        "title": "From Lares Labs: Detection \u0026 Remediation Information for CVE-2021-1675 \u0026 CVE-2021-34527\nFlow Chart\nWorkaround Fix\nSysmon Config File\nSplunk Queries\nKQL Query for Sentinel / MDE via Olaf Hartong\nZeek Observations\nCarbon Black Hunting Query for CVE-2021-1675\nReferences",
        "trust": 0.1,
        "url": "https://github.com/laresllc/cve-2021-1675 "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra/spoolsploit "
      },
      {
        "title": "Sponsored by\nPowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/oscpname/ad_powersharppack "
      },
      {
        "title": "cyber-ansible",
        "trust": 0.1,
        "url": "https://github.com/carloslacasa/cyber-ansible "
      },
      {
        "title": "PrintNightmare\nCredits",
        "trust": 0.1,
        "url": "https://github.com/raithedavion/printnightmare "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/eng-amarante/cybersecurity "
      },
      {
        "title": "Printnightmare Safe Tool",
        "trust": 0.1,
        "url": "https://github.com/ssbhaumik/printnightmare-safetool "
      },
      {
        "title": "https://github.com/p0haku/cve_scraper",
        "trust": 0.1,
        "url": "https://github.com/p0haku/cve_scraper "
      },
      {
        "title": "Awesome Stars",
        "trust": 0.1,
        "url": "https://github.com/pluja/stars "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/ollypwn/printnightmare "
      },
      {
        "title": "PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675)",
        "trust": 0.1,
        "url": "https://github.com/nemo-wq/printnightmare-cve-2021-34527 "
      },
      {
        "title": "TryHackMe | PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/r1skkam/printnightmare "
      },
      {
        "title": "Sponsored by\nPowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/61106960/clipysharppack "
      },
      {
        "title": "Sponsored by\nPowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/s3cur3th1ssh1t/powersharppack "
      },
      {
        "title": "RedCsharp",
        "trust": 0.1,
        "url": "https://github.com/boh/redcsharp "
      },
      {
        "title": "CVE-2021-34527_mitigation",
        "trust": 0.1,
        "url": "https://github.com/widespreadpandemic/cve-2021-34527_acl_mitigation "
      },
      {
        "title": "EVTX to MITRE Att@ck",
        "trust": 0.1,
        "url": "https://github.com/mdecrevoisier/evtx-to-mitre-attack "
      },
      {
        "title": "CVE-2021-34527_mitigation",
        "trust": 0.1,
        "url": "https://github.com/widespreadpandemic/cve-2021-34527_mitigation "
      },
      {
        "title": "RDP Breaker Tool",
        "trust": 0.1,
        "url": "https://github.com/royalboy2000/coderdpbreaker "
      },
      {
        "title": "https://github.com/glshnu/PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/glshnu/printnightmare "
      },
      {
        "title": "SharpKatz",
        "trust": 0.1,
        "url": "https://github.com/b4rtik/sharpkatz "
      },
      {
        "title": "INTRODUCTION TO ACTIVE DIRECTORY\nIntroduction to Active Directory Enumeration \u0026 Attacks",
        "trust": 0.1,
        "url": "https://github.com/gecr07/htb-academy "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/16/spooler_service_local_privilege_escalation/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/07/printnightmare_patched/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/07/printnightmare_fix_fail/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/02/printnightmare_cve/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2022/03/16/russia-attack-ngo-mfa-printnightmare/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-34527"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/167261/print-spooler-remote-dll-injection.html"
      },
      {
        "trust": 0.8,
        "url": "cve-2021-1675  "
      },
      {
        "trust": 0.8,
        "url": "cve-2021-34527  "
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu96262037"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34527"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20210705-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2021/at210029.html"
      },
      {
        "trust": 0.8,
        "url": "https://kb.cert.org/vuls/id/383432"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability"
      },
      {
        "trust": 0.6,
        "url": "https://www.kb.cert.org/vuls/id/383432"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021070204"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022050084"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165024/printnightmare-vulnerability.html"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-34527"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/269.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/07/printnightmare_patched/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/hackerhouse-opensource/hackerhouse-opensource"
      },
      {
        "trust": 0.1,
        "url": "https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2021-1666.html"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "date": "2021-07-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "date": "2021-07-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "date": "2021-07-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "date": "2021-07-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-07-02T22:15:08.757000",
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "date": "2021-07-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "date": "2024-02-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "date": "2021-07-08T08:31:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "date": "2022-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2024-02-02T17:24:01.260000",
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx()",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 1.2
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.