Microsoft tries again to plug 'PrintNightmare' security hole

By on
Microsoft tries again to plug 'PrintNightmare' security hole

Security experts cast doubt patch works fully.

This month's Patch Wednesday from Microsoft arrived with another fix for the accidentally published "PrintNightmare" zero-day vulnerability, which allows attackers to abuse the Windows Print Spooler service to remotely execute code at elevated SYSTEM privileges.

The fix changes the Windows Point and Print driver installation behaviour to require Administrator privileges by default.

Such a change could cause issues in enterprise environments where standard users were able to install printer drivers before, Microsoft's Security Response Centre warned.

"This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers," MSRC wrote.

"However, we strongly believe that the security risk justifies this change."

But Mimikatz pen-test tool author Benjamin Delpy said Microsoft's August patch once again does not fully address the PrintNightmare vulnerability.

Deply suggested users apply Group Policy Object rules to address the vulnerability instead.

Microsoft released a patch for "PrintNightmare" in July, but it was ineffective.

It is possible to disable the changed default printer installation behaviour for Point and Print,  but Microsoft recommends that users do not do that.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?