Preface: Microsoft has assigned CVE-2021-34527 to PrintNightmare. CVE-2021-1675 is similar but distinct from CVE-2021-34527.
Background: There is a vulnerability nickname PrintNightmare. PrintNightmare is not the same as CVE-2021-1675, which was fixed in the patch in June. there is currently no patch available for PrintNightmare.
Technical Details: The vulnerability numbered CVE-2021-34527 is the same RCE vulnerability in Print Spooler as CVE-2021-1675 that has attracted attention this week. Microsoft explained that it was caused by improper execution of the file by the Print Spooler service. To exploit this vulnerability, the attacker must be an authenticated user and execute RpcAddPrinterDriverEx(). Successful miners can execute arbitrary code with SYSTEM privileges.
Microsoft has addressed this issue in the updates for CVE-2021-34527. However, the Microsoft update for CVE-2021-34527 does not effectively prevent exploitation of systems where the Point and Print NoWarningNoElevationOnInstall is set to 1. For this reason, please consider the workarounds before Microsoft release the patch.
Workaround: Microsoft has listed several workarounds in their advisory for CVE-2021-34527. For more details, please refer to link.https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527