
The official patch for the PrintNightmare vulnerability was ineffective


Earlier this week, Microsoft released an emergency out-of-band patch for PrintNightmare, a critical bug recently discovered in the Windows Print Spooler service (spoolsv.exe).

Microsoft assigned the bug the identifier CVE-2021-34527 and confirmed that it allows arbitrary code to be executed remotely with SYSTEM privileges: an attacker who exploits it can install programs; view, change or delete data; and create new accounts with full user rights.

Patches are currently available for all supported versions of Windows, including Windows 7.

Security researchers quickly discovered, however, that these fixes were incomplete: the vulnerability could still be exploited locally to gain SYSTEM privileges. This was confirmed by Matthew Hickey, co-founder of Hacker House, and Will Dormann, analyst at CERT/CC.

The problem has now turned out to be even more serious than first thought. Other researchers modified their exploits and tested them against the patch, and found that the fix can be bypassed completely: the vulnerability remains usable not only for local privilege escalation but also for remote code execution.

Mimikatz developer Benjamin Delpy writes that the patch is bypassed when the Point and Print Restrictions policy is enabled and its "When installing drivers for a new connection" setting is set to "Do not show warning or elevation prompt".

Matthew Hickey told Bleeping Computer that, until a complete patch is available, users are still better off turning the Print Spooler service off altogether, which blocks both local and remote printing. The publication also notes that the unofficial micropatch from 0patch proved more effective and can be used instead. This third-party fix conflicts with Microsoft's July 6, 2021 update, however, so the 0patch micropatch can only be applied in place of the official patch, not alongside it.
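The two conditions described above (the Point and Print policy setting that lets the July 6 fix be bypassed, and the stop-gap of disabling the spooler) are both things an administrator can check from PowerShell. The following script is an added example, not code from the article or from any of the researchers it cites. The registry key and the value names NoWarningNoElevationOnInstall and UpdatePromptSettings are the documented locations that the Point and Print Restrictions policy writes to (the "Do not show warning or elevation prompt" setting sets the former to 1); the function names are this example's own. Run it in an elevated session.

```powershell
# Added example (not from the article): audit the Point and Print policy values
# that make the July 6 patch bypassable, and optionally apply the stop-gap
# mitigation of disabling the Print Spooler service.
# Key path and value names are the documented Point and Print policy locations;
# the function names below are this example's own.

$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PointAndPrintExposure {
    # Reads the two policy values. A value of 1 suppresses the warning and
    # elevation prompt when a printer driver is installed (NoWarningNoElevationOnInstall)
    # or updated (UpdatePromptSettings) for a printer connection; Microsoft's
    # guidance is that both must be 0 or absent for the fix to hold.
    $noWarn   = $null
    $noPrompt = $null
    if (Test-Path $PointAndPrintKey) {
        $props    = Get-ItemProperty -Path $PointAndPrintKey
        $noWarn   = $props.NoWarningNoElevationOnInstall
        $noPrompt = $props.UpdatePromptSettings
    }
    [pscustomobject]@{
        NoWarningNoElevationOnInstall = $noWarn
        UpdatePromptSettings          = $noPrompt
        PatchBypassable               = (($noWarn -eq 1) -or ($noPrompt -eq 1))
    }
}

function Get-SpoolerState {
    # Reports whether the spooler is running and how it starts at boot.
    $svc = Get-Service -Name Spooler
    [pscustomobject]@{
        Status    = $svc.Status
        StartType = $svc.StartType
    }
}

function Set-PointAndPrintHardening {
    # Set both values to 0 so a patched spooler enforces the elevation prompt.
    if (-not (Test-Path $PointAndPrintKey)) {
        New-Item -Path $PointAndPrintKey -Force | Out-Null
    }
    Set-ItemProperty -Path $PointAndPrintKey -Name NoWarningNoElevationOnInstall -Value 0 -Type DWord
    Set-ItemProperty -Path $PointAndPrintKey -Name UpdatePromptSettings          -Value 0 -Type DWord
}

function Disable-SpoolerMitigation {
    # The stop-gap recommended in the article: stop and disable the spooler.
    # This blocks all printing, local and remote, on this host.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

# Usage: audit first, then harden the policy values if they expose the host.
$exposure = Get-PointAndPrintExposure
$exposure       | Format-List
Get-SpoolerState | Format-List

if ($exposure.PatchBypassable) {
    Write-Warning 'Point and Print policy allows the July 6 fix to be bypassed; resetting the values to 0.'
    Set-PointAndPrintHardening
}

# On hosts that do not need to print, apply the full stop-gap instead:
# Disable-SpoolerMitigation
```

Resetting the two policy values only removes the bypass condition Delpy describes; it does not make the incomplete patch complete, so on domain controllers and other hosts that have no reason to print, disabling the spooler remains the safer choice until a full fix ships.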

Microsoft says it is aware of the researchers' findings and is investigating the reports.
