Microsoft

Microsoft’s PrintNightmare Patch Is Useless

The patch against the PrintNightmare vulnerability released by Microsoft is probably not as good as one would wish. Security researchers have already managed to completely bypass its fixes.

The vulnerability, listed as CVE-2021-34527, basically allows for two parallel attacks: a Remote Code Execution (RCE), which is the injection and execution of foreign code, and a Local Privilege Escalation (LPE), which is the extension of privileges for the attacker. Microsoft focused primarily on the RCE exploit in its warning about the problem.

Microsoft’s developers gave little credit to the LPE portion of the PrintNightmare vulnerability, which the discoverers from Carnegie Mellon University’s CERT had already helped to work out. This is now reflected in the result of the patch. The release notes already showed that the patch was mainly intended to fix the problems that allowed code to be injected while the privilege escalation was not touched.

ByPass Must Be Avoided

This has now led to several security experts being able to develop proof-of-concept exploits that also work on fully patched systems. So, in this respect, no user should feel safe who updated their Windows systems immediately after the release of the latest updates.

In view of the information available so far and the speed with which the security experts have been able to identify the problems that still exist, it can be assumed that a comparable level of knowledge also exists among criminals. It should therefore hardly be long before malware appears in the wild that exploits the PrintNightmare vulnerabilities bypassing the patch.

Microsoft would therefore be well advised to provide an improved patch as soon as possible. Until then, administrators should disable the Windows Print Spooler service via group policies. However, in networked work environments, this can mean that printing functionality remains restricted for some users for the time being – which is a bearable problem compared to a successful attack.

Share
Published by
Yasir Zeb

Recent Posts

Samsung Galaxy Tab S12 Ultra Leak shows design of the high-end tablet

New render images provide a preview of the upcoming Samsung Galaxy Tab S12 Ultra. While…

14 hours ago

TSMC wants to remain No. 1 in chips: A14, A13, A12 nodes from 2028

Taiwan Semiconductor Manufacturing Company (TSMC) has once again provided an outlook on its plans for…

14 hours ago

Apple iPad Mini 8 with OLED screen probably coming in autumn

The iPad Mini could soon see notable innovations for the first time in years. According…

14 hours ago

Pixel 11 Pro Fold Leak: Expected function appears to be missing

A current leak shows Google's upcoming folding smartphone in a new color variant. In addition…

15 hours ago

Tesla to introduce a bike, but not in the way you might think

The car manufacturer Tesla has brought a new two-wheeler onto the market. However, this is…

15 hours ago

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

1 day ago