Symantec cybersecurity experts: The malware deployment is preceded by a reconnaissance with the AdFind tool. The victims are large organizations.
The PrintNightmare vulnerability has been patched in all Windows versions. Microsoft released the emergency security update KB5004948 for the Print Spooler critical zero-day flaw, the CVE-2021-34527
The PrintNightmare Windows Print Spooler critical zero-day vulnerability has been patched in all the operating system versions. Microsoft released the KB5004948 emergency security update to fixed it. The flaw, known as the CVE-2021-34527 enabled attackers to take over affected servers via remote code execution (RCE) with SYSTEM privileges. In recent days before the patch was issued, the US Cybersecurity and Infrastructure Security Agency (CISA) released an advise to cover the problem temporarily. It suggested to disable the Windows Print Spooler service on servers not used for printing.