CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: May 3, 2022
Description
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.
EPSS — Exploit Probability
Higher than 99.9% of all CVEs
Required Action
Reference CISA's ED 21-04 (https://www.cisa.gov/news-events/directives/ed-21-04-mitigate-windows-print-spooler-service-vulnerability) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-04. https://nvd.nist.gov/vuln/detail/CVE-2021-34527
Risk Assessment
CRITICALDetails
- Severity
- High
- EPSS
- 94.3%
- CISA KEV
- Yes
- Ransomware
- Known
- Articles
- 0
Timeline
Published
Nov 3, 2021
Added to KEV
Nov 3, 2021
Remediation Due
May 3, 2022