In an emergency security update, Microsoft has released a patch to fix a critical flaw in the Windows Print Spooler service. The vulnerability called PrintNightmare was discovered by some security analysts who accidentally published a proof-of-concept (PoC) exploit. The security flaw allows attackers to remotely execute code with system-level privileges and take over the victim host completely, to carry out malicious operations.
To address the PrintNightmare security flaw impacting the Windows Print Spooler service, Microsoft has rolled out-of-band security updates for all supported versions of Windows. This vulnerability allows attackers to print functionality inside local networks when print capabilities are exposed to the Internet. As explained by the company, the remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
However, this is said to be a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your systems. As per the company, the fix fully addresses the public vulnerability, and it also includes a new feature that allows customers to implement stronger protections. See: KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates.
Microsoft also states that “ Please note that not all versions of the update are available today as some packages are not quite ready for release. We feel that it is important to provide security updates as quickly as possible for systems that we can confidently protect today. Unfortunately, security updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 will be delayed for a short period, but they are expected soon.”
One can also disable the inbound remote printing as explained below:
Go to Computer Configuration > Administrative Templates > Printers and switch off the Allow Print Spooler to accept client connections option. The user is also required to restart the Print Spooler service to make the changes.
But soon after the pact was released, a security researcher brought another issue with the security update revealing how exploits could bypass the patch.
Benjamin Delpy, a developer of the hacking and network utility Mimikatz via tweet said, “ Dealing with strings & filenames is hard😉 New function in #mimikatz 🥝to normalize filenames (bypassing checks by using UNC instead of \\server\share format). So an RCE (and LPE) with #printnightmare on a fully patched server, with Point & Print enabled.
He also shared a video that demonstrates the security pact failed to fix the vulnerability using a certain setting named paint and print that simply allows networks users to get hands-on with the required printer drivers.
However, the fix may be incomplete but it does provide protection from other types of attacks that exploit the print spooler vulnerability. So the Windows users are recommended to install these updates immediately and should wait for further instructions.
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Facebook and Instagram. For newest tech & gadget videos subscribe to our YouTube Channel. You can also stay up to date using the Gadget Bridge Android App.
