Ransomware: Now attackers are exploiting Windows PrintNightmare vulnerabilities | WHAT REALLY HAPPENED X-Frame-Options: DENY X-Frame-Options: SAMEORIGIN

Ransomware: Now attackers are exploiting Windows PrintNightmare vulnerabilities

Cyber criminals are exploiting Windows PrintNightmare vulnerabilities in their attempts to infect victims with ransomware – and the number of ransomware groups attempting to take advantage of unpatched networks is likely to grow.

The remote code execution vulnerabilities (CVE-2021-34527 and CVE-2021-1675) in Windows Print Spooler – a service enabled by default in all Windows clients and used to copy data between devices to manage printing jobs – allow attackers to run arbitrary code, enabling them to install programs, modify, change and delete data, create new accounts with full user rights and move laterally around networks.

Now ransomware gangs are taking advantage of PrintNightmare to compromise networks, encrypt files and servers, and demand payment from victims for a decryption key.

Webmaster's Commentary: 

Comments

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA