CVE-2021-34527— Microsoft Windows Print Spooler Components 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2021-34527の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Windows Print Spooler Remote Code Execution Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.</p> <p>In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (<strong>Note</strong>: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):</p> <ul> <li>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint</li> <li>NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)</li> <li>UpdatePromptSettings = 0 (DWORD) or not defined (default setting)</li> </ul> <p><strong>Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.</strong></p> <p>UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also <a href="https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7">KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates</a>.</p> <p>Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.</p>
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Microsoft Windows Print Spooler Components 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Microsoft Windows Print Spooler Components是美国微软(Microsoft)公司的一个打印后台处理程序组件。 Microsoft Windows Print Spooler Components 存在安全漏洞,攻击者可以通过该漏洞绕过PfcAddPrinterDriver的安全验证,并在打印服务器中安装恶意的驱动程序。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 | 10.0.0 ~ 10.0.17763.2029 | cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:x86:* | |
| Microsoft | Windows Server 2019 | 10.0.0 ~ 10.0.17763.2029 | cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:*:*:*:*:*:*:* | |
| Microsoft | Windows Server 2019 (Server Core installation) | 10.0.0 ~ 10.0.17763.2029 | cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:*:*:*:*:*:*:* | |
| Microsoft | Windows Server 2022 | 10.0.0 ~ 10.0.20348.230 | cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:* | |
| Microsoft | Windows 10 Version 20H2 | 10.0.0 ~ 10.0.19042.1083 | cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1083:*:*:*:*:*:x86:* | |
| Microsoft | Windows Server version 20H2 | 10.0.0 ~ 10.0.19042.1083 | cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1083:*:*:*:*:*:*:* | |
| Microsoft | Windows 11 version 21H2 | 10.0.0 ~ 10.0.22000.318 | cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:* | |
| Microsoft | Windows 10 Version 21H2 | 10.0.0 ~ 10.0.19044.1415 | cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x86:* | |
| Microsoft | Windows 11 version 22H2 | 10.0.0 ~ 10.0.22621.674 | cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.674:*:*:*:*:*:arm64:* | |
| Microsoft | Windows 10 Version 22H2 | 10.0.0 ~ 10.0.19045.2251 | cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251:*:*:*:*:*:x64:* | |
| Microsoft | Windows 10 Version 1507 | 10.0.0 ~ 10.0.10240.18969 | cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.18969:*:*:*:*:*:x86:* | |
| Microsoft | Windows 10 Version 1607 | 10.0.0 ~ 10.0.14393.4470 | cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4470:*:*:*:*:*:x86:* | |
| Microsoft | Windows Server 2016 | 10.0.0 ~ 10.0.14393.4470 | cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:*:*:*:*:*:*:* | |
| Microsoft | Windows Server 2016 (Server Core installation) | 10.0.0 ~ 10.0.14393.4470 | cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:*:*:*:*:*:*:* | |
| Microsoft | Windows 8.1 | 6.3.0 ~ 6.3.9600.20046 | cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20046:*:*:*:*:*:*:* | |
| Microsoft | Windows Server 2008 Service Pack 2 | 6.0.0 ~ 6.0.6003.21138 | cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x64:* | |
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) | 6.0.0 ~ 6.0.6003.21138 | cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x64:* | |
| Microsoft | Windows Server 2008 Service Pack 2 | 6.0.0 ~ 6.0.6003.21138 | cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x86:* | |
| Microsoft | Windows Server 2008 R2 Service Pack 1 | 6.1.0 ~ 6.1.7601.25633 | cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633:*:*:*:*:*:x64:* | |
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) | 6.0.0 ~ 6.1.7601.25633 | cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633:*:*:*:*:*:x64:* | |
| Microsoft | Windows Server 2012 | 6.2.0 ~ 6.2.9200.23383 | cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383:*:*:*:*:*:x64:* | |
| Microsoft | Windows Server 2012 (Server Core installation) | 6.2.0 ~ 6.2.9200.23383 | cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383:*:*:*:*:*:x64:* | |
| Microsoft | Windows Server 2012 R2 | 6.3.0 ~ 6.3.9600.20046 | cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046:*:*:*:*:*:x64:* | |
| Microsoft | Windows Server 2012 R2 (Server Core installation) | 6.3.0 ~ 6.3.9600.20046 | cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046:*:*:*:*:*:x64:* |
II. CVE-2021-34527の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | Small Powershell Script to detect Running Printer Spoolers on Domain Controller | https://github.com/DenizSe/CVE-2021-34527 | POC詳細 |
| 2 | Kritische Sicherheitslücke PrintNightmare CVE-2021-34527 | https://github.com/glshnu/PrintNightmare | POC詳細 |
| 3 | None | https://github.com/JohnHammond/CVE-2021-34527 | POC詳細 |
| 4 | PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits | https://github.com/nemo-wq/PrintNightmare-CVE-2021-34527 | POC詳細 |
| 5 | Cve-2021-1675 or cve-2021-34527? Detailed analysis and exploitation of windows print spooler 0day vulnerability!!! | https://github.com/CnOxx1/CVE-2021-34527-1675 | POC詳細 |
| 6 | Workaround for Windows Print Spooler Remote Code Execution Vulnerability(CVE-2021-34527). See: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 | https://github.com/rdboboia/disable-RegisterSpoolerRemoteRpcEndPoint | POC詳細 |
| 7 | This simple PowerShell script is in response to the "PrintNightmare" vulnerability. This was designed to give a end user the ability to stop and disable the "Print Spooler" service on their computer while awaiting a fix from Microsoft. | https://github.com/geekbrett/CVE-2021-34527-PrintNightmare-Workaround | POC詳細 |
| 8 | A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE | https://github.com/byt3bl33d3r/ItWasAllADream | POC詳細 |
| 9 | Simple batch script to disable the Microsoft Print Spooler service from system | https://github.com/vinaysudheer/Disable-Spooler-Service-PrintNightmare-CVE-2021-34527 | POC詳細 |
| 10 | How to fix the PrintNightmare vulnerability | https://github.com/powershellpr0mpt/PrintNightmare-CVE-2021-34527 | POC詳細 |
| 11 | Mitigation for CVE-2021-34527 RCE by setting WRITE ACLs | https://github.com/WidespreadPandemic/CVE-2021-34527_ACL_mitigation | POC詳細 |
| 12 | CVE-2021-34527 implementation | https://github.com/glorisonlai/printnightmare | POC詳細 |
| 13 | None | https://github.com/dywhoami/CVE-2021-34527-Scanner-Based-On-cube0x0-POC | POC詳細 |
| 14 | Fix for PrintNightmare CVE-2021-34527 | https://github.com/Eutectico/Printnightmare | POC詳細 |
| 15 | A collection of scripts to help set the appropriate registry keys for CVE-2021-34527 | https://github.com/syntaxbearror/PowerShell-PrintNightmare | POC詳細 |
| 16 | A patch for PrintNightmare vulnerability that occurs to print spooler service for Windows machines [CVE-2021-34527] | https://github.com/0xirison/PrintNightmare-Patcher | POC詳細 |
| 17 | To fight against Windows security breach PrintNightmare! (CVE-2021-34527, CVE-2021-1675) | https://github.com/Tomparte/PrintNightmare | POC詳細 |
| 18 | None | https://github.com/Amaranese/CVE-2021-34527 | POC詳細 |
| 19 | None | https://github.com/cyb3rpeace/CVE-2021-34527 | POC詳細 |
| 20 | PrintNightmare (CVE-2021-34527) PoC Exploit | https://github.com/m8sec/CVE-2021-34527 | POC詳細 |
| 21 | CVE-2021-34527 AddPrinterDriverEx() Privilege Escalation | https://github.com/hackerhouse-opensource/cve-2021-34527 | POC詳細 |
| 22 | # Fix-CVE-2021-34527 Fix for the security Script Changes ACL in the directory Stop Service PrintSpooler Spooler Changes StartupType to Disabled Add every server in the serverlist.csv and run script. | https://github.com/fardinbarashi/PsFix-CVE-2021-34527 | POC詳細 |
| 23 | CVE-2021-34527 PrintNightmare PoC | https://github.com/d0rb/CVE-2021-34527 | POC詳細 |
| 24 | detect bruteforce using for cve-2021-34527 | https://github.com/TieuLong21Prosper/detect_bruteforce | POC詳細 |
| 25 | Kritische Sicherheitslücke PrintNightmare CVE-2021-34527 | https://github.com/thomas-lauer/PrintNightmare | POC詳細 |
| 26 | None | https://github.com/Hirusha-N/CVE-2021-34527-CVE-2023-38831-and-CVE-2023-32784 | POC詳細 |
| 27 | CVE-2021-34527 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare." | https://github.com/AUSK1LL9/CVE-2021-34527 | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2021-34527のインテリジェンス情報
请登录查看更多情报信息。
IV. 関連脆弱性
同じ製品: Windows 10 Version 1809
- CVE-2026-32163
Windows User Interface Core Elevation of Privilege Vulnerabi - CVE-2026-32162
Windows COM Elevation of Privilege Vulnerability - CVE-2026-32153
Windows Speech Runtime Elevation of Privilege Vulnerability - CVE-2026-32088
Windows Biometric Service Security Feature Bypass Vulnerabil - CVE-2026-32078
Windows Projected File System Elevation of Privilege Vulnera
同じベンダー: Microsoft
- CVE-2026-42826
Azure DevOps Information Disclosure Vulnerability - CVE-2026-35428
Azure Cloud Shell Spoofing Vulnerability - CVE-2026-35435
Azure AI Foundry Elevation of Privilege Vulnerability - CVE-2026-34327
Microsoft Partner Center Spoofing Vulnerability - CVE-2026-33844
Azure Managed Instance for Apache Cassandra Remote Code Exec
V. CVE-2021-34527へのコメント
まだコメントはありません