About protecting against break-ins via the Windows PrintNightmare vulnerability

July 15, 2021

Following the discovery in June of the critical Windows print spooler vulnerabilities CVE-2021-1675 and CVE-2021-34527 (widely known as PrintNightmare), Doctor Web is drawing users' attention to the need to observe protective measures. Although Microsoft has now closed the vulnerabilities, CVE-2021-34527 continues to pose a threat: it allows attackers to penetrate a system and execute arbitrary code with elevated privileges (NT AUTHORITY\SYSTEM) if the user has changed certain parameters in the Windows registry on their own.

The CVE-2021-34527 vulnerability can be exploited in all popular Windows versions. Using exploits for it, attackers can deliver various malicious payloads to computers, including encryption ransomware, which demands a ransom for the decryption of corrupted files.

Dr.Web Anti-virus continues to resist the exploits known to it. When new exploits that can use CVE-2021-34527 and CVE-2021-1675 are found in the wild, they are promptly added to the Dr.Web virus database. However, it is worth remembering that an anti-virus is not a replacement for an OS security system, and that such a vulnerability is a very tempting morsel for many hackers. This means that users should also remain vigilant.

For maximum protection of their computer infrastructure, users are advised to install the patches released by the OS developer and then make sure that the relevant switches in the Windows registry are set in accordance with Microsoft's recommendations.
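An added example, not code from Doctor Web or Microsoft: a PowerShell audit of the Point and Print policy values that Microsoft's guidance for CVE-2021-34527 requires to be 0 or not defined once the patch is installed. The key path and value names are taken from that Microsoft guidance rather than from this article, and the function name `Test-PointAndPrintPolicy` is hypothetical.

```powershell
# Added example: read-only audit of the Point and Print policy after patching.
# Per Microsoft's CVE-2021-34527 guidance, both values must be 0 or not defined.

function Test-PointAndPrintPolicy {
    param(
        [string]   $Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint',
        [string[]] $Names = @('NoWarningNoElevationOnInstall', 'UpdatePromptSettings')
    )

    # A missing key means the policy is not configured, which is the safe default.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in $Names) {
        $present = ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $name)
        $data    = if ($present) { $props.$name } else { $null }

        [pscustomobject]@{
            Value = $name
            Data  = if ($present) { $data } else { '(not defined)' }
            # Any non-zero value re-opens the hole even on a patched system.
            Safe  = (-not $present) -or ($data -eq 0)
        }
    }
}

$report = Test-PointAndPrintPolicy
$report | Format-Table -AutoSize

# Report the spooler service state for context; the service may not exist
# on every installation, so a missing service is not treated as an error.
Get-Service -Name Spooler -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType |
    Format-Table -AutoSize

if ($report.Safe -contains $false) {
    Write-Warning 'Point and Print policy weakens the PrintNightmare patch; set the flagged values to 0 or remove them.'
    exit 1
}
```

The script only reads the registry and exits with code 1 when a value is unsafe, so it can run as a scheduled compliance check.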

Recall that Dr.Web Enterprise Security Suite 12.0 products have a wide arsenal of preventive protection tools. Moreover, additional functions capable of protecting systems from criminals seeking to break in via the PrintNightmare vulnerability are already in development.

Security patch for closing the CVE-2021-1675 vulnerability

Security patch for closing the CVE-2021-34527 vulnerability
