July 15, 2021

In connection with the detection of critical Windows print spooler vulnerabilities in June—CVE-2021-1675 and CVE-2021-34527 (widely known as PrintNightmare)—Doctor Web is drawing users' attention to the need to observe protective measures. Despite the fact that Microsoft has now closed the vulnerabilities, CVE-2021-34527 continues to pose a threat, allowing attackers to penetrate a system and execute arbitrary code with elevated privileges (NT AUTHORITY\SYSTEM) if the user independently switches certain parameters in the Windows registry.

The CVE-2021-34527 vulnerability can be exploited in all popular Windows versions. Thanks to the exploits, attackers can deliver various malicious payloads to computers, including encryption ransomware, which demands a ransom for the decryption of corrupted files.

Dr.Web Anti-virus is still ready to resist exploits which it knows. When new exploits that can use CVE-2021-34527 and CVE-2021-1675 are found in the wild, they are promptly added to the Dr.Web virus database. However, it’s worth remembering that an anti-virus is not a replacement for an OS security system, and that such a vulnerability is a very tempting morsel for many hackers. This means that users should also remain vigilant.

To maximally protect their computer infrastructure, users are recommended to install patches released by the OS developer and then make sure that in the Windows registry, the necessary switches are set in accordance with Microsoft recommendations.

Recall that Dr.Web Enterprise Security Suite 12.0 products have a wide arsenal of preventive protection tools. Moreover, additional functions capable of protecting systems from criminals seeking to break-in via the PrintNightmare vulnerability are already in development at this moment.

Security patch for closing the CVE-2021-1675 vulnerability

Security patch for closing the CVE-2021-34527 vulnerability