Security News > 2021 > July > Microsoft struggles to wake from PrintNightmare: Latest print spooler patch can be bypassed, researchers say

Microsoft struggles to wake from PrintNightmare: Latest print spooler patch can be bypassed, researchers say
2021-07-07 18:18

So a RCE with #printnightmare on a fully patched server, with Point & Print enabled.

Mimikatz creator Benjamin Delpy, who is also responsible for the R&D Security Center at the Banque de France, shared a screenshot of a reversed-engineered Windows DLL with The Register and explained that the problem was down to how Microsoft was checking for remote libraries in its patch for PrintNightmare aka CVE-2021-34527.

Turning off the print spooler service on domain controllers and systems that do not print is the official guidance from Uncle Sam.

In short, disable the vulnerable the print spooler service on your Windows systems to prevent exploitation.

It may find itself having to push out a patch to patch the patch, in true Microsoft style.

Check the above link for the Registry keys and other requirements for what Microsoft says is a secure deployment - or just switch off print spooler and be done with it.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/07/printnightmare_fix_fail/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-07-02 CVE-2021-34527 Improper Privilege Management vulnerability in Microsoft products
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. 		0.0
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 373 51 1390 2826 168 4435