# CVE-2021-34527_mitigation
Mitigation for CVE-2021-34527 RCE by setting WRITE ACLs.
These scripts add and remove the CVE-2021-34527 (PrintNightmare) ACL mitigation. I wrote them with assistance from /u/AforAnonymous in the Reddit thread by Huntress in /r/MSP. I've personally tested this on a vulnerable Windows 1909 host. With the ACL mitigation in place, the PrintNightmare exploit at https://github.com/cube0x0/CVE-2021-1675 failed with the error `DCERPC Runtime Error: code: 0x5 - rpc_s_access_denied`. Please note that while the GitHub repository I just referenced is named CVE-2021-1675, it is actually for CVE-2021-34527. Once the ACL was removed with the rollback script, PrintNightmare was again successful.
This was inspired by https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ and is not meant to be anything more than a potentially helpful mitigation until a patch is released.
Note that you may not be able to add new printers/drivers while the mitigation is in place. If you need to add a new printer/driver, run the rollback script, add the new printer/driver, and then re-run the mitigation script.
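As an added illustration (not the repository's own scripts, which are the two `.ps1` files listed below) of what a "deny write" ACL mitigation and its rollback look like, the following PowerShell assumes the mitigation from the linked truesec post: a Deny ACE for SYSTEM with the Modify right (which includes Write) on the spooler driver directory `%SystemRoot%\System32\spool\drivers`. The directory path, the identity, and the function names are assumptions for the example; the repository's scripts may differ in detail.

```powershell
# Added example, not the repository's script. Assumes the spooler driver store
# at %SystemRoot%\System32\spool\drivers is the directory being protected.
$DriverDir = Join-Path $env:SystemRoot 'System32\spool\drivers'
$Identity  = 'NT AUTHORITY\SYSTEM'
$Rights    = [System.Security.AccessControl.FileSystemRights]::Modify

function Add-SpoolerDenyAce {
    # Mitigation: deny SYSTEM the Modify right on the driver store and everything
    # under it. The spooler runs as SYSTEM, so it can no longer write new driver
    # files there, which is why the exploit reports rpc_s_access_denied.
    $acl  = Get-Acl -Path $DriverDir
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity,
        $Rights,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $DriverDir -AclObject $acl
}

function Get-SpoolerDenyAce {
    # Helper: return any Deny ACE for the identity that covers the Modify right.
    $acl = Get-Acl -Path $DriverDir
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $Identity -and
        (($_.FileSystemRights -band $Rights) -eq $Rights)
    }
}

function Test-SpoolerDenyAce {
    # Verification step: $true when the mitigation ACE is present.
    [bool](Get-SpoolerDenyAce)
}

function Remove-SpoolerDenyAce {
    # Rollback: strip the Deny ACE again so printers/drivers can be installed,
    # then re-run Add-SpoolerDenyAce afterwards as the README describes.
    $acl = Get-Acl -Path $DriverDir
    foreach ($ace in (Get-SpoolerDenyAce)) {
        [void]$acl.RemoveAccessRule($ace)
    }
    Set-Acl -Path $DriverDir -AclObject $acl
}

# Typical use from an elevated PowerShell session:
#   Add-SpoolerDenyAce; Test-SpoolerDenyAce      # apply and confirm
#   Remove-SpoolerDenyAce; Test-SpoolerDenyAce   # roll back and confirm
```

Run this from an elevated session, since `Set-Acl` on a directory under `System32` requires administrative rights. `Test-SpoolerDenyAce` gives you a quick check to script into an audit or a post-patch cleanup pass, so the Deny ACE does not linger after the vendor patch is installed.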
```
[4.0K] /data/pocs/d9e0e608cfcafaf0547332a0efe459ee54e46228
├── [ 804] CVE-2021-34527_ACL_Mitigation.ps1
├── [ 735] CVE-2021-34527_ACL_Mitigation_Rollback.ps1
└── [1.2K] README.md

0 directories, 3 files
```