CVEs-PoC/2021/CVE-2021-34527.md

CVE-2021-34527

Description

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.

In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):

• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
• NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
• UpdatePromptSettings = 0 (DWORD) or not defined (default setting)

Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.

UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates.

Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.

POC

Reference

• http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html

Github

• https://github.com/0housefly0/Printnightmare
• https://github.com/0x6d69636b/windows_hardening
• https://github.com/0x727/usefull-elevation-of-privilege
• https://github.com/0x7n6/OSCP
• https://github.com/0xMarcio/cve
• https://github.com/0xSs0rZ/Windows_Exploit
• https://github.com/0xStrygwyr/OSCP-Guide
• https://github.com/0xZipp0/OSCP
• https://github.com/0xaniketB/HackTheBox-Driver
• https://github.com/0xirison/PrintNightmare-Patcher
• https://github.com/0xsyr0/OSCP
• https://github.com/20142995/sectool
• https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer
• https://github.com/5thphlame/OSCP-NOTES-ACTIVE-DIRECTORY-1
• https://github.com/61106960/ClipySharpPack
• https://github.com/AMatheusFeitosaM/OSCP-Cheat
• https://github.com/ANON-D46KPH4TOM/Active-Directory-Exploitation-Cheat-Sheets
• https://github.com/ARPSyndicate/cve-scores
• https://github.com/ARPSyndicate/cvemon
• https://github.com/AUSK1LL9/CVE-2021-34527
• https://github.com/Abhijeet-Khanzode/TASK3
• https://github.com/AbishekPonmudi/Chronicle
• https://github.com/AbishekPonmudi/Chronicle-notes
• https://github.com/Abr-ahamis/Priv-Esc
• https://github.com/AdamAmicro/CAHard
• https://github.com/AdamPumphrey/PowerShell
• https://github.com/Ais1on/cyeg-rag
• https://github.com/AleHelp/Windows-Pentesting-cheatsheet
• https://github.com/Alfesito/windows_hardening
• https://github.com/Alssi-consulting/HardeningKitty
• https://github.com/Aman12-security/Vulnerability-Scanning-Task-Solution
• https://github.com/Amar224/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/Amaranese/CVE-2021-34527
• https://github.com/AndreLlorente/NVD_CVE_EXTRACTOR
• https://github.com/Andromeda254/cve
• https://github.com/AnisseHounaoui/pentesting-tools
• https://github.com/Ansuman2004/Basic_Vulnerability_Scan
• https://github.com/Antix28/cybersecurity-labs-log
• https://github.com/Ascotbe/Kernelhub
• https://github.com/AshikAhmed007/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/Austin-Src/CVE-Checker
• https://github.com/BADR0b0t33/NSFW-Malware
• https://github.com/BADR0b0t33/PrintAttck
• https://github.com/BC-SECURITY/Moriarty
• https://github.com/BeetleChunks/SpoolSploit
• https://github.com/Bharathkasyap/programmatic-vulnerability-remediations-Bharath
• https://github.com/BobNich/answers-sec
• https://github.com/CVEDB/PoC-List
• https://github.com/CVEDB/awesome-cve-repo
• https://github.com/CVEDB/top
• https://github.com/CanaanGM/cap_ze_flag
• https://github.com/Challengers-win/Sec-Interview-ai
• https://github.com/Chuggelfischli/HardeningKitty
• https://github.com/CnOxx1/CVE-2021-34527-1675
• https://github.com/Code-is-hope/CVE-Reporter
• https://github.com/Cruxer8Mech/Idk
• https://github.com/CyberUltron-Nikhil/WAF-Copilot
• https://github.com/Cyberappy/Sigma-rules
• https://github.com/CybermonkX/COMPREHENSIVE-CYBERSECURITY-ATTACK-AND-DEFENSE-SIMULATION
• https://github.com/DARKSTUFF-LAB/SpoolSploit
• https://github.com/DanielBodnar/awesome-stars
• https://github.com/DanielBodnar/my-awesome-stars
• https://github.com/Deletria/consulting-vulnerability-database-lab
• https://github.com/DenizSe/CVE-2021-34527
• https://github.com/EnriqueSanchezdelVillar/NotesHck
• https://github.com/Eutectico/Printnightmare
• https://github.com/Faizan-Khanx/OSCP
• https://github.com/GhostTroops/TOP
• https://github.com/GlacierGossip/PrintNightmare
• https://github.com/Gokul-C/CIS-Hardening-Windows-L1
• https://github.com/Gyarbij/xknow_infosec
• https://github.com/H0j3n/EzpzCheatSheet
• https://github.com/H4niz/oscp-note
• https://github.com/HackingCost/AD_Pentest
• https://github.com/Hatcat123/my_stars
• https://github.com/Hirusha-N/CVE-2021-34527-CVE-2023-38831-and-CVE-2023-32784
• https://github.com/INIT6Source/Hacker-Arsenal-Toolkit
• https://github.com/In3x0rabl3/OSEP
• https://github.com/Iveco/xknow_infosec
• https://github.com/JERRY123S/all-poc
• https://github.com/JFR-C/Windows-Penetration-Testing
• https://github.com/Jalexander798/JA_Tools-ActiveDirectory-Exploitation
• https://github.com/Jean-Francois-C/Windows-Penetration-Testing
• https://github.com/JohnHammond/CVE-2021-34527
• https://github.com/KevinHalston/PWN-CTF-2022
• https://github.com/KevinHalston/Pico-CTF-2022
• https://github.com/Kiosec/Windows-Exploitation
• https://github.com/LaresLLC/CVE-2021-1675
• https://github.com/LeonardKachi/CompTIA-Security-plus
• https://github.com/LuckyLukeZz/hardeningkitty
• https://github.com/Luekrit/Threat-Hunting-at-Australian-University-s-Incidents
• https://github.com/Ly0nt4r/OSCP
• https://github.com/MGamalCYSEC/Active-Directory-Enumeration-and-Attacks
• https://github.com/MahmoudTaleb55/picoCTF-reports
• https://github.com/Mark272kira/-Vulnerability-Scan-using-Nessus-Essentials
• https://github.com/Mehedi-Babu/active_directory_chtsht
• https://github.com/MinoTauro2020/ActiveDirectory-_tips
• https://github.com/MizaruIT/PENTAD-TOOLKIT
• https://github.com/MizaruIT/PENTADAY_TOOLKIT
• https://github.com/Mohit0/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/Mr-xn/Penetration_Testing_POC
• https://github.com/MrP-cpu/ThreatSight
• https://github.com/Msfv3n0m/SteamRoller
• https://github.com/Msfv3n0m/SteamRoller3
• https://github.com/NaInSec/CVE-PoC-in-GitHub
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
• https://github.com/Otsmane-Ahmed/Understanding-Advanced-Persistent-Threats-APTs-
• https://github.com/PelinsonLucas/TrabalhoGB_2_Seguranca_app
• https://github.com/Perucy/vulngpt
• https://github.com/PhantomMist271/cybersecurity-task-3-vulnerability-scan
• https://github.com/PuddinCat/GithubRepoSpider
• https://github.com/RNBBarrett/CrewAI-examples
• https://github.com/RafaelwDuarte/Trabalho_Grau_B
• https://github.com/RaphaelDG/PrintNightmareCPP
• https://github.com/RaphaelKhoury/EPSS-Score-Extractor
• https://github.com/ReflectedThanatos/OSCP-cheatsheet
• https://github.com/Rootskery/Ethical-Hacking
• https://github.com/Royalboy2000/codeRDPbreaker
• https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/S3cur3Th1sSh1t/My-starred-Repositories
• https://github.com/S3cur3Th1sSh1t/PowerSharpPack
• https://github.com/S3cur3Th1sSh1t/WinPwn
• https://github.com/S61CUK29/network-scanner
• https://github.com/SSBhaumik/Printnightmare-safetool
• https://github.com/SYRTI/POC_to_review
• https://github.com/Saifcy/Documation-IR
• https://github.com/Samuel-Adeola/Nmap-Commands
• https://github.com/SantoriuHen/NotesHck
• https://github.com/SarfiHabibova/CVE-Scraper
• https://github.com/SatenderKumar3024/CompTIA-Security-SY0-701-Exam-Repository-with-Exam-notes-and-Test-based-real
• https://github.com/SecuProject/NetworkInfoGather
• https://github.com/SenukDias/OSCP_cheat
• https://github.com/SexurityAnalyst/WinPwn
• https://github.com/Shadowven/Vulnerability_Reproduction
• https://github.com/SirElmard/ethical_hacking
• https://github.com/SofianeHamlaoui/Conti-Clear
• https://github.com/SploitHQ/searchsploit
• https://github.com/SystemJargon/info-sec
• https://github.com/SystemJargon/infosec-windows-2022
• https://github.com/T0mcat3r/ALinks
• https://github.com/TheJoyOfHacking/cube0x0-CVE-2021-1675
• https://github.com/Threekiii/Awesome-Redteam
• https://github.com/TieuLong21Prosper/detect_bruteforce
• https://github.com/Tomparte/PrintNightmare
• https://github.com/TrojanAZhen/Self_Back
• https://github.com/TypeError/elf
• https://github.com/VK9D/PrintNightmare
• https://github.com/Vertrauensstellung/PoshME
• https://github.com/ViniciusClement/OSCP_2025
• https://github.com/VishuGahlyan/OSCP
• https://github.com/Vluthor/Threat-Detection-SOC-Analysis
• https://github.com/VoiidByte/Impacket
• https://github.com/WatPow/anadoc
• https://github.com/WhooAmii/POC_to_review
• https://github.com/WidespreadPandemic/CVE-2021-34527_ACL_mitigation
• https://github.com/WiredPulse/Invoke-PrinterNightmareResponse
• https://github.com/Wong-Kai-Xian/CVE_Threat_Intelligence_Toolkit
• https://github.com/X-3306/my-all-notes
• https://github.com/YALOKGARua/YALOK-Programming-Language
• https://github.com/YoussDK0/pentest-ad-tool2
• https://github.com/Zamanry/OSCP_Cheatsheet
• https://github.com/ZeroCipherX/AttackBot
• https://github.com/Zeyad-Azima/Remedy4me
• https://github.com/abdullah89255/nuclei-examples-with-detailed-explanations
• https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database
• https://github.com/adrianc68/cyber-security-concepts
• https://github.com/ahmed22-glitch/Understanding-Advanced-Persistent-Threats-APTs-
• https://github.com/akyuksel/tryhackme-all-rooms-database
• https://github.com/alvesnet-oficial/microsoft-vulnerabilidades
• https://github.com/alvesnet-suporte/microsoft-vulnerabilidades
• https://github.com/angui0O/Awesome-Redteam
• https://github.com/appatalks/ghes-cve-check
• https://github.com/auduongxuan/CVE-2022-26809
• https://github.com/aymankhder/AD-esploitation-cheatsheet
• https://github.com/aymankhder/Windows-Penetration-Testing
• https://github.com/b4rtik/SharpKatz
• https://github.com/badigervijay/AI-Based-Threat-Intelligence-Platform
• https://github.com/bhaveshpa-icpl/Hardening-windows
• https://github.com/boh/RedCsharp
• https://github.com/brimstone/stars
• https://github.com/brock-infosec/Hacker-Tools-Resources
• https://github.com/byt3bl33d3r/ItWasAllADream
• https://github.com/c04ch1337/metasploit_docker
• https://github.com/carloslacasa/cyber-ansible
• https://github.com/cfalta/MicrosoftWontFixList
• https://github.com/chdav/offensive-cybersec-toolkit
• https://github.com/clearbluejar/cve-markdown-charts
• https://github.com/corelight/CVE-2021-1675
• https://github.com/crimsoncore/SharpKatz
• https://github.com/crtaylor315/PrintNightmare-Before-Halloween
• https://github.com/cube0x0/CVE-2021-1675
• https://github.com/cyb3rpeace/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/cyb3rpeace/CVE-2021-34527
• https://github.com/cyberanand1337x/bug-bounty-2022
• https://github.com/d0nkeyk0ng787/PrintNightmare-POC
• https://github.com/d0rb/CVE-2021-34527
• https://github.com/danielbodnar/my-awesome-stars
• https://github.com/drerx/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/dvirItcher/433project
• https://github.com/dywhoami/CVE-2021-34527-Scanner-Based-On-cube0x0-POC
• https://github.com/e-hakson/OSCP
• https://github.com/edsonjt81/CVE-2021-1675
• https://github.com/edsonjt81/SpoolSploit
• https://github.com/elinakrmova/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/elinakrmova/WinPwn
• https://github.com/eljosep/OSCP-Guide
• https://github.com/emtee40/win-pwn
• https://github.com/eng-amarante/CyberSecurity
• https://github.com/evilashz/CVE-2021-1675-LPE-EXP
• https://github.com/exfilt/CheatSheet
• https://github.com/fardinbarashi/Fix-CVE-2021-34527
• https://github.com/fardinbarashi/PsFix-CVE-2021-34527
• https://github.com/fazilbaig1/oscp
• https://github.com/floridop/serviceflipper
• https://github.com/galoget/PrintNightmare-CVE-2021-1675-CVE-2021-34527
• https://github.com/gautam0786/Cybersecurity-Intern-task-3
• https://github.com/gdrlab/PrintNightmare
• https://github.com/gecr07/HTB-Academy
• https://github.com/geekbrett/CVE-2021-34527-PrintNightmare-Workaround
• https://github.com/getanehAl/Windows-Penetration-Testing
• https://github.com/giterlizzi/secdb-feeds
• https://github.com/glorisonlai/printnightmare
• https://github.com/glshnu/PrintNightmare
• https://github.com/goelmedha1/SecurityLens-CVEFinder-AI-Chatbot
• https://github.com/gregt114/cryptid564
• https://github.com/hack-parthsharma/WinPwn
• https://github.com/hackerhouse-opensource/cve-2021-34527
• https://github.com/hackerhouse-opensource/hackerhouse-opensource
• https://github.com/hacktheworldlive/exploits-guide
• https://github.com/harikrishhnan/CVE-Data-Retrieval-and-Management-System-
• https://github.com/hkochgavey/NVD_CVE_Project
• https://github.com/hktalent/TOP
• https://github.com/hlldz/CVE-2021-1675-LPE
• https://github.com/iamramahibrah/AD-Attacks-and-Defend
• https://github.com/jbmihoub/all-poc
• https://github.com/jcabrale/Windows_hardening
• https://github.com/jenilv-07/HardeningKitty
• https://github.com/jitmondal1/OSCP
• https://github.com/jjasoncool/hardeningkitty_custom
• https://github.com/jordanf17/PenTest-Report
• https://github.com/k0imet/CVE-POCs
• https://github.com/k8gege/Ladon
• https://github.com/karimhabush/cyberowl
• https://github.com/kayo09/ForMistakeLearning
• https://github.com/kdandy/WinPwn
• https://github.com/kgwanjala/oscp-cheatsheet
• https://github.com/khulnasoft-lab/awesome-security
• https://github.com/khulnasoft-labs/awesome-security
• https://github.com/kptm-tools/kptm-docs
• https://github.com/laoqin1234/https-github.com-HackingCost-AD_Pentest
• https://github.com/lions2012/Penetration_Testing_POC
• https://github.com/ly4k/PrintNightmare
• https://github.com/m8sec/CVE-2021-34527
• https://github.com/mahdictf/PrivEsc-Techniques
• https://github.com/malwaremily/infosec-news-briefs
• https://github.com/mayormaier/printnightmare-fixes
• https://github.com/mdecrevoisier/EVTX-to-MITRE-Attack
• https://github.com/mdecrevoisier/SIGMA-detection-rules
• https://github.com/meltingscales/DragonShard
• https://github.com/merlinepedra/POWERSHARPPACK
• https://github.com/merlinepedra/SpoolSploit
• https://github.com/merlinepedra25/POWERSHARPPACK
• https://github.com/merlinepedra25/SpoolSploit
• https://github.com/mranv/adPentest
• https://github.com/mrlless/mp_pdql_example
• https://github.com/n0-traces/cve_monitor
• https://github.com/nathanealm/PrintNightmare-Exploit
• https://github.com/nehakoyalkar18/vulnerability_scan
• https://github.com/nemo-wq/PrintNightmare-CVE-2021-34527
• https://github.com/netkid123/WinPwn-1
• https://github.com/nholuongut/active-directory-exploitation-cheat-sheet
• https://github.com/nitishbadole/oscp-note-3
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/nullx3d/PaypScan
• https://github.com/orgTestCodacy11KRepos110MB/repo-9265-PowerSharpPack
• https://github.com/oscpname/AD_PowerSharpPack
• https://github.com/oscpname/OSCP_cheat
• https://github.com/outflanknl/PrintNightmare
• https://github.com/ozergoker/PrintNightmare
• https://github.com/ozzy76/cveCheck
• https://github.com/p0haku/cve_scraper
• https://github.com/parth45/cheatsheet
• https://github.com/penetrarnya-tm/WeaponizeKali.sh
• https://github.com/pentestfunctions/book_contents_notes
• https://github.com/pluja/stars
• https://github.com/plzheheplztrying/cve_monitor
• https://github.com/powershellpr0mpt/PrintNightmare-CVE-2021-34527
• https://github.com/prap05/elevatelabs_task03
• https://github.com/pudiish/CVE
• https://github.com/pwninx/WinPwn
• https://github.com/pwnlog/ALinks
• https://github.com/pwnlog/PAD
• https://github.com/pwnlog/PuroAD
• https://github.com/pwnlog/PurpAD
• https://github.com/r1skkam/PrintNightmare
• https://github.com/raithedavion/PrintNightmare
• https://github.com/rajbhx/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/rathor-ak/Task-3-vulnerability-Report-
• https://github.com/rdboboia/disable-RegisterSpoolerRemoteRpcEndPoint
• https://github.com/retr0-13/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/retr0-13/PrintNightmare
• https://github.com/retr0-13/WinPwn
• https://github.com/revanmalang/OSCP
• https://github.com/rodrigosilvaluz/JUST_WALKING_DOG
• https://github.com/romarroca/random-scripts
• https://github.com/rumputliar/Active-Directory-Exploitation-Cheat-Sheet
• https://github.com/s3mPr1linux/JUST_WALKING_DOG
• https://github.com/scipag/HardeningKitty
• https://github.com/sh7alward/CVE-20121-34527-nightmare
• https://github.com/shahidshaik786/ActiveDirectory_Attacks_CRTP_OSCP
• https://github.com/skyethedev/HardeningKitty
• https://github.com/slaptat/GroupScripts
• https://github.com/snovvcrash/WeaponizeKali.sh
• https://github.com/soosmile/POC
• https://github.com/spartancyberultron/WAF-Copilot
• https://github.com/sponkmonk/Ladon_english_update
• https://github.com/suman-git74/Vulnerability-Scanner
• https://github.com/swatiagrawal264/SecurityLens_CVE-Finder_AI-Chatbot
• https://github.com/sweetpotatohack/akuma-advanced-scanner
• https://github.com/sweetpotatohack/akuma-lowhanging-scanner
• https://github.com/syntaxbearror/PowerShell-PrintNightmare
• https://github.com/synth3sis/PrintNightmare
• https://github.com/taielab/awesome-hacking-lists
• https://github.com/thangnguyenchien/CVE
• https://github.com/thomas-lauer/PrintNightmare
• https://github.com/threatsurfer/cve-attack-mapper
• https://github.com/tid4l/offensive-cybersec-toolkit
• https://github.com/tim3959951/CVE-Analysis-Agent
• https://github.com/trganda/starrlist
• https://github.com/trhacknon/Pocingit
• https://github.com/txuswashere/OSCP
• https://github.com/tylertank/printspoofer
• https://github.com/uhub/awesome-c-sharp
• https://github.com/undefined-name12/Cheat-Sheet-Active-Directory
• https://github.com/versatilitydev/r2d2_api
• https://github.com/vinaysudheer/Disable-Spooler-Service-PrintNightmare-CVE-2021-34527
• https://github.com/weeka10/-hktalent-TOP
• https://github.com/whitfieldsdad/cisa_kev
• https://github.com/whoami-chmod777/CVE-2021-1675-CVE-2021-34527
• https://github.com/willamygarcia/Vuln_Windows_7_11
• https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
• https://github.com/wlfrag/printnightmare
• https://github.com/wowter-code/PowerSharpPack
• https://github.com/x968ms/pentest
• https://github.com/xbufu/PrintNightmareCheck
• https://github.com/xcode96/REDME
• https://github.com/xhref/OSCP
• https://github.com/xtawb/Shadowolf
• https://github.com/xuetusummer/Penetration_Testing_POC
• https://github.com/ycdxsb/WindowsPrivilegeEscalation
• https://github.com/yovelo98/OSCP-Cheatsheet
• https://github.com/zecool/cve
• https://github.com/zhanpengliu-tencent/medium-cve