CVE-2021-1675: Microsoft Windows Print Spooler Remote Code Execution

Microsoft Windows Print Spooler Remote Code Execution Vulnerability. Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.

• CISA KEV-listed (remediation due 2021-11-17)
• used in ransomware campaigns
• EPSS 94.3% (100.0% percentile)

Detection rules

• Antivirus PrinterNightmare CVE-2021-34527 Exploit Detection critical
• Potential PrintNightmare Exploitation Attempt high
• CVE-2021-1675 Print Spooler Exploitation Filename Pattern critical
• Windows Spooler Service Suspicious Binary Load informational
• PrinterNightmare Mimikatz Driver Name critical
• Possible CVE-2021-1675 Print Spooler Exploitation high
• CVE-2021-1675 Print Spooler Exploitation critical
• CVE-2021-1675 Print Spooler Exploitation IPC Access critical
• Possible PrintNightmare Print Driver Install - CVE-2021-1675 medium
• Suspicious Rejected SMB Guest Logon From IP medium
• Malicious PowerShell Commandlets - PoshModule high
• Malicious PowerShell Commandlets - ScriptBlock high
• Malicious PowerShell Commandlets - ProcessCreation high

Browse the CVE database

Read the full analysis on IntelFusions