This month's Patch Wednesday from Microsoft arrived with another fix for the accidentally published "PrintNightmare" zero-day vulnerability, which allows attackers to abuse the Windows Print Spooler service to remotely execute code at elevated SYSTEM privileges.
The fix changes the Windows Point and Print driver installation behaviour to require Administrator privileges by default.
Such a change could cause issues in enterprise environments where standard users were able to install printer drivers before, Microsoft's Security Response Centre warned.
"This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers," MSRC wrote.
"However, we strongly believe that the security risk justifies this change."
But Mimikatz pen-test tool author Benjamin Delpy said Microsoft's August patch once again does not fully address the PrintNightmare vulnerability.
This #printnightmare patch fiasco is representative of Microsoft's attention to fixes, testing, quality
— �� Benjamin Delpy (@gentilkiwi) August 11, 2021
While waiting for their statement, do not forget to patch (if fixes stuff), but also to push:
* PackagePointAndPrintServerList
* ListofServers
> https://t.co/x57pWgvvDh pic.twitter.com/rP6XeWfScR
Deply suggested users apply Group Policy Object rules to address the vulnerability instead.
Microsoft released a patch for "PrintNightmare" in July, but it was ineffective.
It is possible to disable the changed default printer installation behaviour for Point and Print, but Microsoft recommends that users do not do that.
_(22).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
