Microsoft provides further mitigations for PrintNightmare exploit, awards it "high" severity
Jul 4, 2021 01:12 EDT
A couple of days ago, we learned of a new exploit called "PrintNightmare" which affects virtually all Windows devices. It makes use of the Windows Print Spooler service's unprotected functions to trigger remote code execution (RCE). The United States Cybersecurity and Infrastructure Security Agency (CISA) highlighted it as a critical vulnerability, with Microsoft actively investigating a fix. Now, the Redmond tech giant has provided more information on the matter.
PrintNightmare, which is being tracked under CVE-2021-34527, has now been awarded a Common Vulnerability Scoring System (CVSS) base rating of 8.8. It is important to note that the CVSS v3.0 specification documentation defines this as a "high" severity vulnerability, but it is dangerously close to the "critical" range, which starts from 9.0. The base score can be a maximum of 10.0. Similarly, it currently has a temporal score of 8.2. The temporal score measures the current exploitability of a vulnerability based on a number of factors.