目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2021-34527 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Windows Print Spooler Remote Code Execution Vulnerability
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.</p> <p>In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (<strong>Note</strong>: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):</p> <ul> <li>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint</li> <li>NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)</li> <li>UpdatePromptSettings = 0 (DWORD) or not defined (default setting)</li> </ul> <p><strong>Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.</strong></p> <p>UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also <a href="https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7">KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates</a>.</p> <p>Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.</p>
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Microsoft Windows Print Spooler Components 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Microsoft Windows Print Spooler Components是美国微软(Microsoft)公司的一个打印后台处理程序组件。 Microsoft Windows Print Spooler Components 存在安全漏洞,攻击者可以通过该漏洞绕过PfcAddPrinterDriver的安全验证,并在打印服务器中安装恶意的驱动程序。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
MicrosoftWindows 10 Version 1809 10.0.0 ~ 10.0.17763.2029 cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:x86:*
MicrosoftWindows Server 2019 10.0.0 ~ 10.0.17763.2029 cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:*:*:*:*:*:*:*
MicrosoftWindows Server 2019 (Server Core installation) 10.0.0 ~ 10.0.17763.2029 cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:*:*:*:*:*:*:*
MicrosoftWindows Server 2022 10.0.0 ~ 10.0.20348.230 cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 20H2 10.0.0 ~ 10.0.19042.1083 cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1083:*:*:*:*:*:x86:*
MicrosoftWindows Server version 20H2 10.0.0 ~ 10.0.19042.1083 cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1083:*:*:*:*:*:*:*
MicrosoftWindows 11 version 21H2 10.0.0 ~ 10.0.22000.318 cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*
MicrosoftWindows 10 Version 21H2 10.0.0 ~ 10.0.19044.1415 cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x86:*
MicrosoftWindows 11 version 22H2 10.0.0 ~ 10.0.22621.674 cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.674:*:*:*:*:*:arm64:*
MicrosoftWindows 10 Version 22H2 10.0.0 ~ 10.0.19045.2251 cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251:*:*:*:*:*:x64:*
MicrosoftWindows 10 Version 1507 10.0.0 ~ 10.0.10240.18969 cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.18969:*:*:*:*:*:x86:*
MicrosoftWindows 10 Version 1607 10.0.0 ~ 10.0.14393.4470 cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4470:*:*:*:*:*:x86:*
MicrosoftWindows Server 2016 10.0.0 ~ 10.0.14393.4470 cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:*:*:*:*:*:*:*
MicrosoftWindows Server 2016 (Server Core installation) 10.0.0 ~ 10.0.14393.4470 cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:*:*:*:*:*:*:*
MicrosoftWindows 8.1 6.3.0 ~ 6.3.9600.20046 cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20046:*:*:*:*:*:*:*
MicrosoftWindows Server 2008 Service Pack 2 6.0.0 ~ 6.0.6003.21138 cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x64:*
MicrosoftWindows Server 2008 Service Pack 2 (Server Core installation) 6.0.0 ~ 6.0.6003.21138 cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x64:*
MicrosoftWindows Server 2008 Service Pack 2 6.0.0 ~ 6.0.6003.21138 cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x86:*
MicrosoftWindows Server 2008 R2 Service Pack 1 6.1.0 ~ 6.1.7601.25633 cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633:*:*:*:*:*:x64:*
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation) 6.0.0 ~ 6.1.7601.25633 cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633:*:*:*:*:*:x64:*
MicrosoftWindows Server 2012 6.2.0 ~ 6.2.9200.23383 cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383:*:*:*:*:*:x64:*
MicrosoftWindows Server 2012 (Server Core installation) 6.2.0 ~ 6.2.9200.23383 cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383:*:*:*:*:*:x64:*
MicrosoftWindows Server 2012 R2 6.3.0 ~ 6.3.9600.20046 cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046:*:*:*:*:*:x64:*
MicrosoftWindows Server 2012 R2 (Server Core installation) 6.3.0 ~ 6.3.9600.20046 cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046:*:*:*:*:*:x64:*
二、漏洞 CVE-2021-34527 的公开POC
#POC 描述源链接神龙链接
1Small Powershell Script to detect Running Printer Spoolers on Domain Controllerhttps://github.com/DenizSe/CVE-2021-34527POC详情
2Kritische Sicherheitslücke PrintNightmare CVE-2021-34527https://github.com/glshnu/PrintNightmarePOC详情
3Nonehttps://github.com/JohnHammond/CVE-2021-34527POC详情
4PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploitshttps://github.com/nemo-wq/PrintNightmare-CVE-2021-34527POC详情
5Cve-2021-1675 or cve-2021-34527? Detailed analysis and exploitation of windows print spooler 0day vulnerability!!!https://github.com/CnOxx1/CVE-2021-34527-1675POC详情
6Workaround for Windows Print Spooler Remote Code Execution Vulnerability(CVE-2021-34527). See: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527https://github.com/rdboboia/disable-RegisterSpoolerRemoteRpcEndPointPOC详情
7This simple PowerShell script is in response to the "PrintNightmare" vulnerability. This was designed to give a end user the ability to stop and disable the "Print Spooler" service on their computer while awaiting a fix from Microsoft.https://github.com/geekbrett/CVE-2021-34527-PrintNightmare-WorkaroundPOC详情
8A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCEhttps://github.com/byt3bl33d3r/ItWasAllADreamPOC详情
9Simple batch script to disable the Microsoft Print Spooler service from systemhttps://github.com/vinaysudheer/Disable-Spooler-Service-PrintNightmare-CVE-2021-34527POC详情
10How to fix the PrintNightmare vulnerabilityhttps://github.com/powershellpr0mpt/PrintNightmare-CVE-2021-34527POC详情
11Mitigation for CVE-2021-34527 RCE by setting WRITE ACLshttps://github.com/WidespreadPandemic/CVE-2021-34527_ACL_mitigationPOC详情
12CVE-2021-34527 implementationhttps://github.com/glorisonlai/printnightmarePOC详情
13Nonehttps://github.com/dywhoami/CVE-2021-34527-Scanner-Based-On-cube0x0-POCPOC详情
14Fix for PrintNightmare CVE-2021-34527https://github.com/Eutectico/PrintnightmarePOC详情
15A collection of scripts to help set the appropriate registry keys for CVE-2021-34527https://github.com/syntaxbearror/PowerShell-PrintNightmarePOC详情
16A patch for PrintNightmare vulnerability that occurs to print spooler service for Windows machines [CVE-2021-34527]https://github.com/0xirison/PrintNightmare-PatcherPOC详情
17To fight against Windows security breach PrintNightmare! (CVE-2021-34527, CVE-2021-1675)https://github.com/Tomparte/PrintNightmarePOC详情
18Nonehttps://github.com/Amaranese/CVE-2021-34527POC详情
19Nonehttps://github.com/cyb3rpeace/CVE-2021-34527POC详情
20PrintNightmare (CVE-2021-34527) PoC Exploithttps://github.com/m8sec/CVE-2021-34527POC详情
21CVE-2021-34527 AddPrinterDriverEx() Privilege Escalationhttps://github.com/hackerhouse-opensource/cve-2021-34527POC详情
22# Fix-CVE-2021-34527 Fix for the security Script Changes ACL in the directory Stop Service PrintSpooler Spooler Changes StartupType to Disabled Add every server in the serverlist.csv and run script.https://github.com/fardinbarashi/PsFix-CVE-2021-34527POC详情
23CVE-2021-34527 PrintNightmare PoChttps://github.com/d0rb/CVE-2021-34527POC详情
24detect bruteforce using for cve-2021-34527https://github.com/TieuLong21Prosper/detect_bruteforcePOC详情
25Kritische Sicherheitslücke PrintNightmare CVE-2021-34527https://github.com/thomas-lauer/PrintNightmarePOC详情
26Nonehttps://github.com/Hirusha-N/CVE-2021-34527-CVE-2023-38831-and-CVE-2023-32784POC详情
27CVE-2021-34527 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare."https://github.com/AUSK1LL9/CVE-2021-34527POC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2021-34527 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same product: Windows 10 Version 1809
Same vendor: Microsoft
V. Comments for CVE-2021-34527

暂无评论

发表评论