Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability
2021-07-09 02:52

Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems.

"Several days ago, two security vulnerabilities were found in Microsoft Windows' existing printing mechanism," Yaniv Balmas, head of cyber research at Check Point, told The Hacker News.

PrintNightmare stems from bugs in the Windows Print Spooler service, which manages the printing process inside local networks.

"After installing this [update] and later Windows updates, users who are not administrators can only install signed print drivers to a print server," Microsoft said, detailing the improvements made to mitigate the risks associated with the flaw.

While Microsoft has recommended the nuclear option of stopping and disabling the Print Spooler service, an alternative workaround is to enable security prompts for Point and Print, and limit printer driver installation privileges to administrators alone by configuring the "RestrictDriverInstallationToAdministrators" registry value to prevent regular users from installing printer drivers on a print server.

"Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration."
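The workaround settings described above can be audited with a read-only PowerShell check; this is an added example, not code from Microsoft or the article. The registry path and the two prompt value names (`NoWarningNoElevationOnInstall`, `UpdatePromptSettings`) come from Microsoft's published Point and Print guidance rather than from this page, and treating an undefined `RestrictDriverInstallationToAdministrators` as a finding is an assumption of the example.

```powershell
# Read-only audit of the Print Spooler workaround settings discussed above.
# Assumption: key path and prompt value names follow Microsoft's Point and Print guidance.
$PnpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or the value is absent ("not defined").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-PointAndPrintPolicy {
    param([string]$Path = $PnpKey)
    $checks = @(
        # AbsentOk: whether "not defined" counts as the hardened state.
        # Assumption: an undefined restriction value is reported so the setting is made explicit.
        @{ Name = 'RestrictDriverInstallationToAdministrators'; Secure = 1; AbsentOk = $false },
        @{ Name = 'NoWarningNoElevationOnInstall'; Secure = 0; AbsentOk = $true },
        @{ Name = 'UpdatePromptSettings'; Secure = 0; AbsentOk = $true }
    )
    foreach ($c in $checks) {
        $value = Get-PolicyValue -Path $Path -Name $c.Name
        if ($null -eq $value) {
            $shown = '(not defined)'; $ok = $c.AbsentOk
        } else {
            $shown = $value; $ok = ($value -eq $c.Secure)
        }
        [pscustomobject]@{ Setting = $c.Name; Value = $shown; Hardened = $ok }
    }
}

function Test-SpoolerService {
    # Stopped and Disabled is the "nuclear option"; the state is reported, never changed.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        return [pscustomobject]@{ Setting = 'Spooler service'; Value = '(not present)'; Hardened = $true }
    }
    $off = ($svc.Status -eq 'Stopped') -and ($svc.StartType -eq 'Disabled')
    [pscustomobject]@{ Setting = 'Spooler service'; Value = "$($svc.Status)/$($svc.StartType)"; Hardened = $off }
}

# One table: the three Point and Print values plus the service state.
$report = @(Test-PointAndPrintPolicy) + @(Test-SpoolerService)
$report | Format-Table -AutoSize
```

A `False` on the service row only means the spooler is still enabled, in which case the three registry rows are the controls that matter on that host.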


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/6wJ1sNG2UPg/microsofts-emergency-patch-fails-to.html