PrintNightmare 0-day can be used to take over Windows domain controllers

“You Keep Using That Patch, I Do Not Think It Means What You Think It Means”…:

[…] As usual, the general advice was to install the patches from Microsoft and you were done. Fast forward another week and a researcher announced he had found a way to exploit the vulnerability to achieve both local privilege escalation and remote code execution. This actually happens a lot when researchers reverse-engineer a patch.

Only in this case it had an unexpected consequence. A different team of researchers had also found an RCE vulnerability in the Print Spooler service. They called theirs PrintNightmare and believed it was the same as CVE-2021-1675. They were working on a presentation to be held at the Black Hat security conference. But now they feared that the other team had stumbled upon the same vulnerability, so they published their work, believing it was covered by the patch already released by Microsoft.

But the patch for CVE-2021-1675 didn’t seem to work against the PrintNightmare vulnerability. It appeared that PrintNightmare and CVE-2021-1675 were in fact two very similar but different vulnerabilities in the Print Spooler.

