Malware attacks and successful exploitation have been observed for CVE-2021-1675. It is easily exploitable and has become a popular target, with the daily trend going up.
Initially, this vulnerability was categorized as LPE (Local Privilege Escalation); it was later changed to RCE (Remote Code Execution) (June 21).
Here's the latest vulnerability intelligence from KennaVI+.
[ CVE Description ]
[*] CVE_ID : CVE-2021-1675
[_] Desc : Windows Print Spooler Elevation of Privilege Vulnerability
[ Kenna.VM Summary ]
[*] Vuln Risk : 77.227
[*] Easily_Exploit : True
[*] Malware_Exploit : True
[*] Popular_Target : True
[*] Active_Internet_Breach : True
[ Kenna.VI+ ]
[*] Successful_Exploitations : 3
[*] Velocity (D/W/M) : 2/3/3
[*] Daily_Trend : up
[*] Pre_NVD : True [_FALSE_]
[*] RCE : True [_FALSE_]
[*] Predicted_Exploitable : 3 (0.2499% confidence)
[ Kenna.VI+ Details ]
[_] Created_at : 2020-12-02T22:00:10Z
[_] Published : 2021-06-08T23:15:00Z
[_] Last_Modified : 2021-06-10T23:21:00Z
[ Links / References ]
[*] Malware sample : 1
[_] Exploits [2]:
[ --> ] created_at : 2021-06-30T14:00:00Z
[ --> ] external_id : kenna.CVE-2021-1675
[ --> ] name : CVE-2021-1675: PrintNightmare
[ --> ] source : kenna
[ --> ] url : https://github.com/afwu/PrintNightmare
[ --> ] created_at : 2021-07-01T07:00:29Z
[ --> ] external_id : None
[ --> ] name : Win64.Exploit.CVE-2021-1675
[ --> ] source : reversing_labs
[ --> ] url : None
[_] Fixes [2]:
[ --> ] external_id : 91772
[ --> ] url : https://support.microsoft.com/en-in/help/5003635
[ --> ] product : windows
[ --> ] published_at : 2021-06-09T01:30:40Z
[ --> ] external_id : msft-cve-2021-1675
[ --> ] url : None
[ --> ] product : None
[ --> ] published_at : 2021-06-08T00:00:00Z
[_] Threat Actors [0]:
[ --> ] None
[ CVSS2 / CVSS3 Details ]
                | Impact  |   |                | CVSS_Access
================+=========+===+================+==============
Availability    | Partial |   | Complexity     | Medium
Confidentiality | Partial |   | Vector         | Network
Integrity       | Partial |   | Authentication | None required
              | CVSS_V2                                   | CVSS_V3
==============+===========================================+===========================================================
Base Score    | 6.800                                     | 7.800
Exploit_Score | 8.600                                     | 1.800
Impact_Score  | 6.400                                     | 5.900
Temporal      | 5.000                                     | None
Vector        | AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
[ Others ]
[*] Vulnerable Products [4] :
[ --> ] cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
[ --> ] cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
[ --> ] cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
[ --> ] cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
[ CVE Malware Family Info : None ]
[ CVE History : CVE-2021-1675 ]
[*] ID : 2658603
[*] Vuln Risk Score : 77
[*] History : 4
[**] changed_at : 2021-06-09T04:14:45.000Z
[**] from : 25
[**] to : 20
[**] changed_at : 2021-06-10T04:26:09.000Z
[**] from : 20
[**] to : 22
[**] changed_at : 2021-06-11T04:09:42.000Z
[**] from : 22
[**] to : 33
[**] changed_at : 2021-07-01T04:15:49.000Z
[**] from : 33
[**] to : 77
[ High_Profile_Vulnerability ]
[!!!] CVE-2021-1675 (77.227) : ['hpv_exploit', 'hpv_malware', 'hpv_poc']
** [5] threads completed [3 tasks] / [2.39 KB] within [2.95 sec].