Windows ‘PrintNightmare’ vulnerability being actively exploited, according to Microsoft [Updated]

A Windows vulnerability appears to have accidentally been shared by researchers, and it’s actively being exploited.

What you need to know

Update July 7, 2021 at 6:15 pm ET: As of July 7, the PrintNightmare issue has not been fixed, and Microsoft’s latest patch has proved ineffective. Our full update on the situation can be found in our most recent article discussing the PrintNightmare vulnerability.

The Windows Print Spooler service has an unpatched critical flaw that’s been dubbed “PrintNightmare.” Microsoft warns people about the vulnerability and breaks down how it works in a recent post:

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” says the company. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

According to Microsoft, the vulnerability is being actively exploited.

The vulnerability appears to have been accidentally published in the form of a proof-of-concept exploit. Sangfor researchers published the proof-of-concept but have since deleted it. Unfortunately, the code was forked on GitHub before it was removed.

As explained by The Verge, the researchers at Sangfor appear to have thought the vulnerability had been patched by Microsoft. The company had patched issues related to Windows Print Spooler, but those patches were not for this specific issue.

Microsoft lists two options as workarounds for the issue:

While the vulnerability is publicly known as PrintNightmare, Microsoft has assigned it the identifier CVE-2021-34527.

Microsoft is still investigating the severity of this vulnerability. The company is also investigating if all versions of Windows are exploitable.

“The code that contains the vulnerability is in all versions of Windows,” says Microsoft. “We are still investigating whether all versions are exploitable. We will update this CVE when that information is evident.”

We have a complete guide on how to mitigate the Print Spooler PrintNightmare vulnerability on Windows 10 if you need to deal with the issue.

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He’s covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean’s journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.