Security News > 2021 > July > Microsoft struggles to wake from PrintNightmare: Latest print spooler patch can be bypassed, researchers say
So a RCE with #printnightmare on a fully patched server, with Point & Print enabled.
Mimikatz creator Benjamin Delpy, who is also responsible for the R&D Security Center at the Banque de France, shared a screenshot of a reversed-engineered Windows DLL with The Register and explained that the problem was down to how Microsoft was checking for remote libraries in its patch for PrintNightmare aka CVE-2021-34527.
Turning off the print spooler service on domain controllers and systems that do not print is the official guidance from Uncle Sam.
In short, disable the vulnerable the print spooler service on your Windows systems to prevent exploitation.
It may find itself having to push out a patch to patch the patch, in true Microsoft style.
Check the above link for the Registry keys and other requirements for what Microsoft says is a secure deployment - or just switch off print spooler and be done with it.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/07/printnightmare_fix_fail/
Related news
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2021-34527 | Improper Privilege Management vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 0.0 |