Microsoft has not fully patched CVE-2021-1675. As a result, every supported and Extended Security Update version of Windows can be compromised by malware that an ordinary user account installs on an endpoint, and attackers can obtain SYSTEM privileges on a domain controller within minutes. MITRE classifies the issue as a "Windows Print Spooler Elevation of Privilege Vulnerability". Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or application to gain elevated access to resources that are normally protected from that application or user; the result is that an application runs with more privileges than its developer or the system administrator intended and can perform unauthorized actions.
On July 1, CyCraft observed this exploit being used successfully in the wild as an initial foothold, leading to lateral movement and other aggressive attacker behavior. The exploit is stable and publicly available, so we expect more attackers, including ransomware operators, to use it for intranet intrusion and large-scale attacks in the near future. We recommend that IT departments immediately implement response planning according to the following mitigation measures. Windows environments should update immediately to limit further use of this vulnerability, and because the patch is not yet complete, we also recommend the additional mitigations below.
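As an added illustration of the kind of interim check a defender can run while the fix is incomplete (this is example code, not CyCraft's tooling or Microsoft's guidance verbatim), the script below audits whether a host's Print Spooler is running and reachable for remote clients, lists recent driver installs, and with `-Remediate` stops and disables the service. It assumes the Group Policy "Allow Print Spooler to accept client connections" is backed by the registry value `RegisterSpoolerRemoteRpcEndPoint` (2 = do not allow) and that the PrintService Operational log is enabled.

```powershell
# Added example, not part of the original advisory. Run locally on each server
# that does not need to print (domain controllers first); wrap it in
# Invoke-Command to run it against remote hosts.
[CmdletBinding()]
param([switch]$Remediate)

# Assumption: registry value behind "Allow Print Spooler to accept client
# connections"; 2 means remote clients are not allowed, absent/1 means allowed.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'

$svc       = Get-Service -Name Spooler -ErrorAction Stop
$remoteRpc = (Get-ItemProperty -Path $policyKey -Name $policyName `
              -ErrorAction SilentlyContinue).$policyName

# The host is exposed when the spooler is running and still accepts remote RPC.
$exposed = ($svc.Status -eq 'Running') -and ($remoteRpc -ne 2)

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    SpoolerStatus   = $svc.Status
    StartupType     = $svc.StartType
    RemoteRpcPolicy = if ($null -eq $remoteRpc) { 'not configured (allowed)' } else { $remoteRpc }
    Exposed         = $exposed
}

# Driver add/update events (ID 316) are worth reviewing while the patch is
# incomplete; the Operational log is off by default, so this may return nothing.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PrintService/Operational'; Id = 316 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

if ($Remediate -and $svc.Status -ne 'Stopped') {
    # Stopping and disabling the service removes the attack surface entirely,
    # but also stops local printing, so apply it only where printing is not needed.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
    Write-Verbose "Print Spooler stopped and disabled on $env:COMPUTERNAME"
}
```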