Security News > 2021 > August > Microsoft Takes Another Stab at PrintNightmare Security Fix
After weeks of struggling to properly resolve security defects in the Windows Print Spooler utility, Microsoft is making a major default change to the way Windows interacts with the problematic Point and Print driver.
This move is meant to be a more comprehensive fix for dangerous security flaws publicly known as PrintNightmare that expose users to remote code execution and privilege escalation attacks.
"Our investigation into several vulnerabilities collectively referred to as"PrintNightmare" has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks," according to a statement from the Microsoft Security Response Center.
The default change takes effect with the installation of the August batch of security updates for all versions of Windows.
The PrintNightmare security problems first emerged in June this year when Microsoft misdiagnosed the severity of a vulnerability to confirm the risk of code execution attacks.
In July, Microsoft shipped an emergency patch to provide cover for Windows users but security experts soon discovered that the patch did not properly fix the underlying vulnerability.
News URL
Related news
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft and Security Incentives (source)
- Microsoft releases Exchange hotfixes for security update issues (source)