Microsoft's PrintNightmare patch doesn't work: researchers

By on
Microsoft's PrintNightmare patch doesn't work: researchers

Remote code execution and privilege escalation still possible.

Testing done by security researchers appears to bear out suspicions that Microsoft's urgent out-of-band patch released yesterday does not fully address the critical and exploited PrintNightmare zero-day vulnerability.

United States Computer Emergency Response Team vulnerability analyst Will Dormann raised doubts that Microsoft's patch was sufficient to prevent remote code execution and local privilege escalation to the SYSTEM Windows user.

Further testing done by Mimikatz security tool developer Benjamin Delpy points to Microsoft's patch being bypassable if the Windows Point and Print technology is enabled.

Security vendor JumpsecLabs has released a step-by-step guide on Github to check whether or not the Microsoft patch has been effective against PrintNightmare, using PowerShell scripts developed by Huntress researchers John Hammond and Caleb Stewart.

Point and Print is a Windows protocol enabled by default that provides for automatic downloads and installations of drivers for networked printers, for user convenience.

Microsoft now suggests that users disable Point and Print, but Dormann said it is not clear how to do so, or if it is even possible.

The PrintNightmare vulnerability was accidentally published by Hong Kong based security researchers Sangfor last month.

It allows attackers to exploit missing access controls to load malicious unsigned code masquerading as drivers for the Windows Print Spooler service, which is enabled on all versions of the operating system by default.

Apart from all supported client Windows systems, PrintNightmare can be used to attack network domain controllers as well.

While users wait for a working PrintNightmare patch from Microsoft, Dormann pointed to the free 0patch provided set of micropatches that prevent exploitation of the vulnerability.

If using the 0patch fixes, administrators are advised not to apply Microsoft's PrintNightmare patch as well, as it reopens the vulnerability.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
microsoftpoint and printprintnightmaresecuritywindows

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform
NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'
Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS
Westpac promotes its head of technology to mortgage role

Westpac promotes its head of technology to mortgage role

Digital Nation

As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner

Log In

  |  Forgot your password?