Quote:A proof-of-concept for a critical Windows security vulnerability that allows remote code execution (RCE) was dropped on GitHub on Tuesday – and while it was taken back down within a few hours, the code was copied and is still out there circulating on the platform.
The bug (CVE-2021-1675) exists in the Windows Print Spooler and has been dubbed “PrintNightmare” by researchers. It was originally addressed in June’s Patch Tuesday updates from Microsoft as a minor elevation-of-privilege vulnerability, but the listing was updated last week after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE.
“There are 40 entries in Microsoft’s list of affected products, from Windows 7 to Windows 10 and from Server 2008 to Server 2019,” Dirk Schrader, global vice president of security research at New Net Technologies (NNT), now part of Netwrix, told Threatpost. “Given this broad surface, it is likely that this vulnerability will become an element in the tool chain of current malware families.”
On Sunday, the QiAnXin security team tweeted a video showing successful RCE – but it held back any technical or PoC details. Two days later, though, a full-blown PoC with a complete technical analysis appeared on GitHub, authored by another security firm, Sangfor.
Claire Tills, senior security engineer with Tenable, which spotted the PoC posting, noted that “the GitHub repository was publicly available long enough for others to clone it. The PoC is likely still circulating and is likely to resurface publicly, if it hasn’t already done so.”
And indeed, according to one security practitioner, the code was successfully forked to another page.
Read more: PoC Exploit Circulating for Critical Windows Print Spooler Bug | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
