Since then, Security researcher and Mimikatz creator Benjamin Delpy has been devising further vulnerabilities targeting the print spooler that remain unpatched. While Microsoft released a security update for the remote code execution portion, researchers quickly bypassed the local privilege elevation component. This vulnerability allows remote code execution and local privilege escalation by installing malicious printer drivers. Technical details and a proof-of-concept (PoC) exploit for a new Windows print spooler vulnerability named 'PrintNightmare' (CVE-2021-34527) was accidentally disclosed in June.
A free unofficial patch has been released to protect Windows users from all new PrintNightmare zero-day vulnerabilities discovered since June.
