← back
CVE-2021-1675

Windows Print Spooler Remote Code Execution Vulnerability

CVSS 7.8 HIGHEPSS 86.1%● KEV
In short

A vulnerability in Windows Print Spooler allows attackers to run malicious code remotely on a computer without needing special permissions. An attacker can exploit this by sending specially crafted requests to the print service, potentially taking complete control of the affected system.

Technical detail

The Windows Print Spooler service fails to properly validate client requests, allowing unauthenticated remote code execution via the RPC interface. An attacker can send a malicious print job or RPC call that triggers arbitrary code execution with SYSTEM privileges, requiring only network access to port 445 or similar print service endpoints.

Summary generated and translated by AI from the official description.
Windows Print Spooler Remote Code Execution Vulnerability
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 1507Microsoft · Windows 10 Version 1607Microsoft · Windows 10 Version 1809Microsoft · Windows 10 Version 1909Microsoft · Windows 10 Version 2004Microsoft · Windows 10 Version 20H2Microsoft · Windows 10 Version 21H1Microsoft · Windows 7Microsoft · Windows 7 Service Pack 1Microsoft · Windows 8.1Microsoft · Windows Server 2008 R2 Service Pack 1Microsoft · Windows Server 2008 R2 Service Pack 1 (Server Core installation)Microsoft · Windows Server 2008 Service Pack 2Microsoft · Windows Server 2008 Service Pack 2Microsoft · Windows Server 2008 Service Pack 2 (Server Core installation)Microsoft · Windows Server 2012Microsoft · Windows Server 2012 R2Microsoft · Windows Server 2012 R2 (Server Core installation)Microsoft · Windows Server 2012 (Server Core installation)Microsoft · Windows Server 2016Microsoft · Windows Server 2016 (Server Core installation)Microsoft · Windows Server 2019Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server version 2004Microsoft · Windows Server version 20H2
public PoCs found48
githubgithub.com/cube0x0/CVE-2021-16751990githubgithub.com/calebstewart/CVE-2021-16751100githubgithub.com/hlldz/CVE-2021-1675-LPE325githubgithub.com/LaresLLC/CVE-2021-1675214githubgithub.com/ly4k/PrintNightmare209githubgithub.com/mstxq17/CVE-2021-1675_RDL_LPE145githubgithub.com/sailay1996/PrintNightmare-LPE77githubgithub.com/evilashz/CVE-2021-1675-LPE-EXP56githubgithub.com/cybersecurityworks553/CVE-2021-1675_PrintNightMare23githubgithub.com/JumpsecLabs/PrintNightmare19githubgithub.com/eversinc33/NimNightmare18githubgithub.com/k8gege/cve-2021-167515githubgithub.com/Wra7h/SharpPN10githubgithub.com/Leonidus0x10/CVE-2021-1675-SCANNER9githubgithub.com/corelight/CVE-2021-16759githubgithub.com/exploitblizzard/PrintNightmare-CVE-2021-16755githubgithub.com/thomasgeens/CVE-2021-16753githubgithub.com/hahaleyile/my-CVE-2021-16753githubgithub.com/bartimusprimed/CVE-2021-1675-Yara2githubgithub.com/ozergoker/PrintNightmare2githubgithub.com/kondah/patch-cve-2021-16752githubgithub.com/yu2u/CVE-2021-16752githubgithub.com/killtr0/CVE-2021-1675-PrintNightmare2githubgithub.com/DLL00P/CVE-2021-16751githubgithub.com/puckiestyle/CVE-2021-16751githubgithub.com/Winter3un/CVE-2021-16751githubgithub.com/OppressionBreedsResistance/CVE-2021-1675-PrintNightmare1githubgithub.com/peckre/PNCVE-Win10-20H2-Exploit1githubgithub.com/whoami-chmod777/CVE-2021-1675-CVE-2021-345271githubgithub.com/galoget/PrintNightmare-CVE-2021-1675-CVE-2021-345270githubgithub.com/zha0/Microsoft-CVE-2021-16750githubgithub.com/whoami-chmod777/CVE-2021-1675---PrintNightmare-LPE-PowerShell-0githubgithub.com/kougyokugentou/CVE-2021-16750githubgithub.com/mrezqi/CVE-2021-1675_CarbonBlack_HuntingQuery0githubgithub.com/tanarchytan/CVE-2021-16750githubgithub.com/initconf/cve-2021-1675-printnightmare0githubgithub.com/ptter23/CVE-2021-16750githubgithub.com/thalpius/microsoft-cve-2021-16750githubgithub.com/0xSs0rZ/Windows_Exploit0githubgithub.com/r1skkam/PrintNightmare0githubgithub.com/000Tonio/cve-2021-16750githubgithub.com/Sp4ceDogy/NPE-CS-V-CVE-2021-16750githubgithub.com/CameraShutterBug/PrintNightmare0githubgithub.com/ccordeiro/CVE-2021-16750githubgithub.com/edsonjt81/CVE-2021-16750cve_referencepacketstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/163349/Microsoft-PrintNightmare-Proof-Of-Concept.htmlunverifiedcve_referencepacketstormsecurity.com/files/163351/PrintNightmare-Windows-Spooler-Service-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/163349/Microsoft-PrintNightmare-Proof-Of-Concept.htmlhttp://packetstormsecurity.com/files/163351/PrintNightmare-Windows-Spooler-Service-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1675https://www.kb.cert.org/vuls/id/383432