POC Exploit Posted Online Leaks Dangerous Microsoft Bug Info

A POC (Proof of Concept) exploit was posted online this Tuesday for Windows Print Spooler service vulnerability that can allow an attacker to fully compromise Windows systems. Known as CVE-2021-1675, Microsoft patched the vulnerability earlier this month in June 2021 patch security updates. 

The Record says “however, in what looks to have been an accident, an in-depth technical write-up and a fully working PoC exploit were shared on GitHub earlier today. The GitHub report has been taken offline after a few hours, but not before it was cloned by several other users.” 

The vulnerability affects Print Spooler (spoolsv.exe), a windows feature which works as a generic universal interface between the apps, local or networked printers, and Windows OS that lets app developers print jobs easily. Windows has been providing this service since the 90s, but it is one of the most buggy processes of the operating system, with many bugs being found throughout the years, “such as PrintDemon, FaxHell, Evil Printer, CVE-2020-1337, and even some of the zero-days used in the Stuxnet attacks,” the Record says. 

The latest bug “CVE-2021-1675” is in the long queue of Print Spooler Bugs, and was first found by researchers at Tencent Security, NSFOCUS, and AFINE earlier this year. 

“Last week, Chinese security firm QiAnXin published a low-quality GIF showing an exploit for the CVE-2021-1675 bug for the first time, but the company did not release any technical details or a working PoC in order to allow users more time to apply this month’s security updates and safeguard their systems,” reports the Record. 

Bug Allows Remote Code Execution The vulnerability was first marked as the low-importance elevation-of-privilege vulnerability which lets an attacker to get admin access, however, last week, Microsoft changed the vulnerability’s status to mark CVE-2021-1675 as a remote code execution problem that could be remotely exploited to let hackers to fully compromise unlatched Windows devices. 

At first, no POC or technical write-up was posted as CVE-2021-1675, which means that hackers who want to exploit this vulnerability had to inspect the patch code themselves and create an exploit to integrate this bug into their cyberattacks.