CVE-2021-1675

2021/07/08
  • 那些年的漏洞們
    •

    最近搞得公司雞飛狗跳的漏洞. 上千台伺服器+上萬台Endpoint要上Patch….
    光想就頭皮發麻…

    Zero day for every supported Windows OS version in the wild — PrintNightmare
    zhiniang peng tweeted out a proof of concept exploit and explainer recently, and then quickly deleted it. This exploit and discussion…
    Read More
    doublepulsar.com

    在github上找到全PowerShell版的實現, 好像跟CVE-2021-34527也有點關係, 只好找點時間來看Source Code了

    calebstewart/CVE-2021-1675
    Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare) – calebstewart/CVE-2021-1675
    Read More
    github.com

    另外這裡是偵測的Kusto Query, 前提就是要掏錢買Microsoft DATP…

    Suspicious20Spoolsv20Child20Process.md
    Read More
    github.com

    看起來好像是Remediation, 待看

    LaresLLC/CVE-2021-1675
    CVE-2021-1675 Detection Info. Contribute to LaresLLC/CVE-2021-1675 development by creating an account on GitHub.
    Read More
    github.com

    關於作者

    Nelley,乃力。
    就是一個村民。