August 25, 2021


Researchers at Tencent Security discovered a vulnerability in Windows dubbed PrintNightmare which allows attackers to remotely execute arbitrary code as the SYSTEM account on Windows machines with little effort.

Print Spooler

In Windows the print spooler handles removing printers that are no longer connected to the network. The print spooler is not enabled by default and should only be enabled on networks that require connected printers.


A vulnerability similar to PrintNightmare was exploited in 2010 in the infamous malware Stuxnet which famously attacked Iranian nuclear facilities. The vulnerability was rediscovered several times in the last year when researchers found new avenues to exploit the print spooler.

Learn more about PrintNightmare from the US Cybersecurity and Infrastructure Security Agency website.