CVE-2021-1675

Windows 10 Version 20H2

Open TheloniousH4CKER opened this issue 4 years ago • 4 comments

I ran the program on Windows 10 20H2 and I was presented with an error.

Invoke-Nightmare : [!] AddPrinterDriverEx failed.

TheloniousH4CKER, Jul 02 '21 17:07

Does the script have to be run against a domain controller for RpcAddPrinterDriverEx to work? Or can this exploit be used to gain admin access on a local Windows machine?

TheloniousH4CKER, Jul 02 '21 19:07

The exact versions of Windows which are affected by this vulnerability are still evolving. I had not been able to get this specific vulnerability to exploit on any Windows 10 target, but have heard of others getting it working. Stan Hegt posted a flow chart on Twitter outlining what versions of Windows should be vulnerable under which conditions, and seems promising, but I can't say I've tested all those branches.

calebstewart, Jul 03 '21 01:07

I have tried Win 10 21H1 and it has failed.

korang, Jul 05 '21 04:07

I was able to get the script to run on 20H2 with the June 2021 CU installed, but only after I ran PowerShell as an administrator. Not much of an exploit if running with administrative rights is required. If one needs to run this code as administrator for it to work, you can simplify your code to use "New-LocalUser".

mstork, Jul 07 '21 16:07