Microsoft's PrintNightmare patch doesn't work: researchers

By on
Microsoft's PrintNightmare patch doesn't work: researchers

Remote code execution and privilege escalation still possible.

Testing done by security researchers appears to bear out suspicions that Microsoft's urgent out-of-band patch released yesterday does not fully address the critical and exploited PrintNightmare zero-day vulnerability.

United States Computer Emergency Response Team vulnerability analyst Will Dormann raised doubts that Microsoft's patch was sufficient to prevent remote code execution and local privilege escalation to the SYSTEM Windows user.

Further testing done by Mimikatz security tool developer Benjamin Delpy points to Microsoft's patch being bypassable if the Windows Point and Print technology is enabled.

Security vendor JumpsecLabs has released a step-by-step guide on Github to check whether or not the Microsoft patch has been effective against PrintNightmare, using PowerShell scripts developed by Huntress researchers John Hammond and Caleb Stewart.

Point and Print is a Windows protocol enabled by default that provides for automatic downloads and installations of drivers for networked printers, for user convenience.

Microsoft now suggests that users disable Point and Print, but Dormann said it is not clear how to do so, or if it is even possible.

The PrintNightmare vulnerability was accidentally published by Hong Kong based security researchers Sangfor last month.

It allows attackers to exploit missing access controls to load malicious unsigned code masquerading as drivers for the Windows Print Spooler service, which is enabled on all versions of the operating system by default.

Apart from all supported client Windows systems, PrintNightmare can be used to attack network domain controllers as well.

While users wait for a working PrintNightmare patch from Microsoft, Dormann pointed to the free 0patch provided set of micropatches that prevent exploitation of the vulnerability.

If using the 0patch fixes, administrators are advised not to apply Microsoft's PrintNightmare patch as well, as it reopens the vulnerability.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
microsoft point and print printnightmare security windows

Sponsored Whitepapers

IBM Maximo: Manage any asset, anytime, any place with mobile EAM
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
Optimise your operations with APM and AI-Powered insights
Optimise your operations with APM and AI-Powered insights
Forrester Study: Understand the total economic impact of using IBM Cloud Pak™ for Data
Forrester Study: Understand the total economic impact of using IBM Cloud Pak™ for Data
Technology skill development: The strategy for building better teams
Technology skill development: The strategy for building better teams
Find unhappy users before they complain
Find unhappy users before they complain

Events

Most Read Articles

Services Australia shifts most Centrelink payments to SAP S/4 HANA

Services Australia shifts most Centrelink payments to SAP S/4 HANA
Service NSW to hire 200 engineers, designers

Service NSW to hire 200 engineers, designers
CBA takes 25 percent stake in two NBN retail service providers

CBA takes 25 percent stake in two NBN retail service providers
Toll Group starts to scale out intelligent automation

Toll Group starts to scale out intelligent automation

Log In

Email:
Password:
  |  Forgot your password?