PoC details: d9e0e608cfcafaf0547332a0efe459ee54e46228

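Source
Related vulnerability
Title: Microsoft Windows Print Spooler Components security vulnerability (CVE-2021-34527)
Description: Microsoft Windows Print Spooler Components is a print spooler component from Microsoft (USA). A security vulnerability exists in Microsoft Windows Print Spooler Components: an attacker can use it to bypass the security validation of PfcAddPrinterDriver and install a malicious driver on the print server. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1
Description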
Mitigation for CVE-2021-34527 RCE by setting WRITE ACLs
Introduction
# CVE-2021-34527_mitigation
 Mitigation for CVE-2021-34527 RCE by setting WRITE ACLs.
 
These scripts are both to add and remove CVE-2021-34527 (PrintNightmare) ACL mitigations that I wrote with assistance from /u/AforAnonymous from the Reddit thread by Huntress in /r/MSP. I've personally tested this using a vulnerable Windows 1909 Host. Implementing the ACL mitigation caused PrintNightmare at https://github.com/cube0x0/CVE-2021-1675 to kick the error `DCERPC Runtime Error: code: 0x5 - rpc_s_access_denied`. Please note that while the GitHub repository I just referenced states CVE-2021-1675, it is actually for CVE-2021-34527. Once the ACL was removed with the rollback script, PrintNightmare was again successful.


This was inspired by https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ and is not meant to be anything more than a potentially helpful mitigation until a patch is released. 

Note you may not be able to add new printers/drivers with the mitigation in place. If you need to add a new printer/driver, you can run the rollback script, add the new printer/driver, and then re-run the mitigation script. 
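An added sketch of the apply, verify and rollback cycle described above for Windows PowerShell 5.1; it is not the repository's scripts, whose contents are not shown on this page. The target directory and the exact deny rule (SYSTEM, Modify, inherited by children) are assumptions, as are all function names.

```powershell
#Requires -RunAsAdministrator
# Added example, not the repository's code. Assumed: the directory below and a
# deny rule for SYSTEM / Modify that child files and folders inherit.
$DriverDir = Join-Path $env:SystemRoot 'System32\spool\drivers'

function New-SpoolDenyRule {
    # S-1-5-18 is the well-known SID of NT AUTHORITY\SYSTEM (locale independent).
    $system = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $system, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Deny')
}

function Get-SpoolAcl {
    # Load only the DACL so Set-Acl later does not try to rewrite the owner.
    (Get-Item -LiteralPath $DriverDir).GetAccessControl('Access')
}

function Get-SpoolDenyRule {
    # Explicit (non-inherited) rules only, with identities returned as SIDs.
    $modify = [System.Security.AccessControl.FileSystemRights]::Modify
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-SpoolAcl).GetAccessRules($true, $false, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq 'S-1-5-18' -and
        ($_.FileSystemRights -band $modify) -eq $modify
    }
}

function Enable-SpoolDriverWriteBlock {
    # Idempotent: do not stack a second copy of the same deny entry.
    if (Get-SpoolDenyRule) { return 'already applied' }
    $acl = Get-SpoolAcl
    $acl.AddAccessRule((New-SpoolDenyRule))
    Set-Acl -LiteralPath $DriverDir -AclObject $acl
    'applied'
}

function Disable-SpoolDriverWriteBlock {
    # Rollback, needed before installing a new printer or driver.
    $acl = Get-SpoolAcl
    [void]$acl.RemoveAccessRule((New-SpoolDenyRule))
    Set-Acl -LiteralPath $DriverDir -AclObject $acl
    if (Get-SpoolDenyRule) { 'still present' } else { 'removed' }
}

# Usage (constructed sequence): apply, confirm, roll back for a driver install.
# Enable-SpoolDriverWriteBlock; Get-SpoolDenyRule | Format-List
# Disable-SpoolDriverWriteBlock
```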
File snapshot

[4.0K] /data/pocs/d9e0e608cfcafaf0547332a0efe459ee54e46228
├── [ 804] CVE-2021-34527_ACL_Mitigation.ps1
├── [ 735] CVE-2021-34527_ACL_Mitigation_Rollback.ps1
└── [1.2K] README.md

0 directories, 3 files