Security News > 2021 > August > Microsoft Takes Another Stab at PrintNightmare Security Fix
After weeks of struggling to properly resolve security defects in the Windows Print Spooler utility, Microsoft is making a major default change to the way Windows interacts with the problematic Point and Print driver.
This move is meant to be a more comprehensive fix for dangerous security flaws publicly known as PrintNightmare that expose users to remote code execution and privilege escalation attacks.
"Our investigation into several vulnerabilities collectively referred to as"PrintNightmare" has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks," according to a statement from the Microsoft Security Response Center.
The default change takes effect with the installation of the August batch of security updates for all versions of Windows.
The PrintNightmare security problems first emerged in June this year when Microsoft misdiagnosed the severity of a vulnerability to confirm the risk of code execution attacks.
In July, Microsoft shipped an emergency patch to provide cover for Windows users but security experts soon discovered that the patch did not properly fix the underlying vulnerability.
News URL
Related news
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- ‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft: January Windows security updates break audio playback (source)
- Microsoft shares workaround for Windows security update issues (source)