Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

Aston Villa Football Club →

EVENT CALENDAR

May

May TRU Intelligence Briefing

May

Elevate IT Technology Summit Kansas City

May

Cybersecurity Summit Toronto

May

Cybersec Brussels

May

Cybersecurity Summit Austin

View Calendar →

LATEST PRESS RELEASE

Mar 06, 2025

eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale

View Newsroom →

OUR PARTNERSHIPS

Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

Proof-of-Concept (PoC) exploit code for the critical Windows vulnerability CVE-2021-1675 has been identified in the wild. CVE-2021-1675, also known as PrintNightmare, was disclosed and patched by Microsoft on June 8th, in the June 2021 Patch Tuesday security release. The vulnerability is classified as Remote Code Execution (RCE). Exploitation could allow a threat actor to take full control of vulnerable systems. Currently there is no indication of exploitation of the PrintNightmare vulnerability in the wild.

The public release of PoC code significantly reduces the barriers for exploitation. Due to this release, attacks in the wild are expected in the immediate future. Organizations are strongly recommended to apply the relevant security patches.

What we’re doing about it

MVS has local plugins to identify this vulnerability
esENDPOINT has rules in place to detect exploitation of CVE-2021-1675
eSentire security teams are reviewing the PoC code for detection opportunities

What you should do about it

Updated July 1st, 2021

After performing a business impact review, apply the relevant security patches provided by Microsoft
- The current patches will not remediate the vulnerability on Domain Controllers or systems that have Point and Print configured with the “NoWarningNoElevationOnInstall” configuration
Until updated security patches are released, organizations are recommended to disable the print spooler service
- Microsoft has released guidance for disabling the print spooler service

Additional information

The PoC exploit code was originally planned to be released by a security firm at BlackHat USA but was released in error on June 29th. The code was publicly available for multiple hours before being taken down. The security company plans to officially release the code and additional details at BlackHat USA in July 2021. eSentire has confirmed that despite the code takedown, it was copied and remains publicly available.

CVE-2021-1675 (CVSS: 7.8) is classified as a Windows Print Spooler Remote Code Execution vulnerability. A threat actor with local access to a vulnerable asset may exploit this vulnerability for code execution, lateral movement, and privilege escalation. In an attack scenario threat actors may exploit the vulnerability via previous access, remotely via SSH (using credentials), or through a malicious document (with user interaction).

Impacted products:

Windows 10 (multiple versions)
Windows 7 (multiple versions)
Windows 8 (multiple versions)
Windows Server 2019
Windows Server 2016
Windows Server 2012
Windows Server 2008
Windows Server, version 2004
Windows Server, version 20H2

References:

[1] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675
[2] https://www.kb.cert.org/vuls/id/383432
[3] https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-print-spooler

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Continuous Threat Exposure Management (CTEM)

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

MDR Packages and 24/7 Protection

MDR Pricing and Packages

Atlas Essentials

Atlas Advanced

Atlas Complete

24/7 Coverage

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

From The Blog

Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One

MDR Vendors: Complete Guide to Understanding Managed Detection & Response…

Identity is the New Attack Surface: Why Threat Detection Alone Isn't…

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

Maximum Severity SAP Vulnerability Exploited

CrushFTP Authentication Bypass