Conversant Group is posting this bulletin as a follow-up to two previous bulletins in early and late July 2021.

Summary:

On the August 10, 2021 Patch Tuesday, Microsoft released security updates to address the PrintNightmare vulnerability CVE-2021-34481. PrintNightmare consists of four distinct vulnerabilities that reside in the Windows Print Spooler service. Exploitation of PrintNightmare allows threat actors inside a victim’s internal network to remotely upload a specially crafted printer driver to vulnerable systems and run malicious code with elevated privileges. This vulnerability affects all versions of Windows systems that have the Print Spooler service configured.

Various intelligence firms and data forensic firms report that the ransomware group Magniber is exploiting this vulnerability in the wild, specifically aimed at South Korea for now. We strongly recommend patching this vulnerability immediately or implementing the recommended mitigation controls.

Latest information from Microsoft:

  • August 10, 2021: Microsoft releases a patch for CVE-2021-34481 in the Patch Tuesday release
  • August 11, 2021: Microsoft assigns CVE-2021-36958 to track a separate zero-day exploit scenario against the Windows Print Spooler service
    • Proof-of-concept exploits for CVE-2021-36958 become publicly available
    • No official patch from Microsoft for CVE-2021-36958