Security News > 2021 > July > Microsoft struggles to wake from PrintNightmare: Latest print spooler patch can be bypassed, researchers say
So a RCE with #printnightmare on a fully patched server, with Point & Print enabled.
Mimikatz creator Benjamin Delpy, who is also responsible for the R&D Security Center at the Banque de France, shared a screenshot of a reversed-engineered Windows DLL with The Register and explained that the problem was down to how Microsoft was checking for remote libraries in its patch for PrintNightmare aka CVE-2021-34527.
Turning off the print spooler service on domain controllers and systems that do not print is the official guidance from Uncle Sam.
In short, disable the vulnerable the print spooler service on your Windows systems to prevent exploitation.
It may find itself having to push out a patch to patch the patch, in true Microsoft style.
Check the above link for the Registry keys and other requirements for what Microsoft says is a secure deployment - or just switch off print spooler and be done with it.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/07/printnightmare_fix_fail/
Related news
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2021-34527 | Improper Privilege Management vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. | 8.8 |