1. July 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

A POC (Proof of Concept) exploit was posted online this Tuesday for Windows Print Spooler service vulnerability that can allow an attacker to fully compromise Windows systems. Known as CVE-2021-1675, Microsoft patched the vulnerability earlier this month in June 2021 patch security updates. 

The Record says “however, in what looks to have been an accident, an in-depth technical write-up and a fully working PoC exploit were shared on GitHub earlier today. The GitHub report has been taken offline after a few hours, but not before it was cloned by several other users.” 

The vulnerability affects Print Spooler (spoolsv.exe), a windows feature which works as a generic universal interface between the apps, local or networked printers, and Windows OS that lets app developers print jobs easily. Windows has been providing this service since the 90s, but it is one of the most buggy processes of the operating system, with many bugs being found throughout the years, “such as PrintDemon, FaxHell, Evil Printer, CVE-2020-1337, and even some of the zero-days used in the Stuxnet attacks,” the Record says. 

The latest bug “CVE-2021-1675” is in the long queue of Print Spooler Bugs, and was first found by researchers at Tencent Security, NSFOCUS, and AFINE earlier this year. 

“Last week, Chinese security firm QiAnXin published a low-quality GIF showing an exploit for the CVE-2021-1675 bug for the first time, but the company did not release any technical details or a working PoC in order to allow users more time to apply this month’s security updates and safeguard their systems,” reports the Record.&n

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: POC Exploit Posted Online Leaks Dangerous Microsoft Bug Info