Microsoft's “PrintNightmare” patch doesn't fix issue, researchers say


A number of security researchers have cast doubt on Microsoft’s fix for a vulnerability in the Windows print spooler, also known as “PrintNightmare”.

As first reported by Ars Technica and also covered by CRN sibling site iTnews, United States Computer Emergency Response Team vulnerability analyst Will Dormann and Mimikatz security tool developer Benjamin Delpy both took to Twitter to reveal the results of their patch testing.

Dormann expressed doubts about whether the patch was sufficient to prevent remote code execution and local privilege escalation to the SYSTEM Windows user.

Delpy, meanwhile, said the patch may be bypassed by potential attackers if the Windows Point and Print technology is enabled.

Microsoft also advised affected users to disable Point and Print, a protocol that enables automatic downloads and installations of drivers for networked printers.

Dormann, however, pointed out that Microsoft did not actually explain how to disable Point and Print, and questioned whether the protocol can even be disabled at all.

According to Microsoft, the vulnerability (officially designated “CVE-2021-34527”) lies in how the print spooler improperly performs privileged file operations. An attacker could exploit it to install programs, change data and create new accounts with full user rights, among other actions.

iTnews reported last week that researchers at Hong Kong-based Sangfor accidentally published the vulnerability in June, eventually deleting technical details and proof-of-concept code from GitHub.

All versions of Windows are vulnerable, and domain controllers are affected if the print spooler service is enabled. Updates were released for Windows Server 2019, Server 2016, Server 2012 and versions of Windows 7 and Windows 10.
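
A host audit for the two conditions named above (print spooler service enabled; Point and Print relaxing driver-install prompts), as an added example that is not from the article or from Microsoft. The function name `Get-PrintNightmareExposure` is hypothetical, and the registry path and value names are assumed from Microsoft's CVE-2021-34527 guidance rather than taken from this page.

```powershell
# Added example: report whether this host meets the exposure conditions
# described in the article. Read-only; changes nothing on the system.
# ASSUMPTION: registry path and value names follow Microsoft's
# CVE-2021-34527 guidance; they do not appear in the article itself.

function Get-PrintNightmareExposure {
    [CmdletBinding()]
    param()

    # Condition 1: is the Print Spooler service running, or able to start?
    $svc = Get-Service -Name 'Spooler' -ErrorAction SilentlyContinue
    $spoolerRunning  = [bool]($svc -and $svc.Status -eq 'Running')
    $spoolerDisabled = [bool](-not $svc -or $svc.StartType -eq 'Disabled')

    # Condition 2: Point and Print policy values that suppress the warning
    # or elevation prompt when a printer driver is installed or updated.
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # A missing key or missing value means the default (prompt shown) applies,
    # so only values that are present and non-zero are flagged.
    $weak = @()
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        $value = if ($policy) { $policy.$name } else { $null }
        if ($null -ne $value -and $value -ne 0) {
            $weak += "$name=$value"
        }
    }

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        SpoolerRunning                = $spoolerRunning
        SpoolerDisabled               = $spoolerDisabled
        PointAndPrintPromptsRelaxed   = ($weak.Count -gt 0)
        RelaxedValues                 = $weak -join ', '
        NeedsReview                   = (-not $spoolerDisabled -or $weak.Count -gt 0)
    }
}

Get-PrintNightmareExposure | Format-List
```

On domain controllers and other servers that do not need to print, `SpoolerDisabled` should read `True`; elsewhere, a `True` in `PointAndPrintPromptsRelaxed` marks the configuration Delpy described as leaving the patch bypassable.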

Copyright © CRN Australia. All rights reserved.