Security News > 2021 > August > Microsoft responds to PrintNightmare by making life that little bit harder for admins

Microsoft appears intent on turning the print spooler remote code execution vulnerability known as "PrintNightmare" into an AdminNightmare, judging by its latest mitigation, which requires administrator privileges for Point and Print driver installation and update.

As a reminder, PrintNightmare began life as an accidentally disclosed zero-day at the end of June and permitted an attacker to run arbitrary code on Windows with SYSTEM privileges.

Security researchers pressed the hole and further vulnerabilities oozed out of the Print Spooler service.

Having initially told users to shut down Print Spooler, Microsoft's latest missive means it will require administrator privileges for Point and Print driver installation, a change that will hit all supported versions of Windows and turned up in this week's round of patches.

"This change?may?impact Windows print clients in scenarios where non-elevated users were previously able to add?or update?printers," said Microsoft.

Benjamin Delpy, head of R&D Security at Banque de France and author of Mimikatz, told The Register "It does NOT fix" the PrintNightmare vulnerability he found.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/11/printnightmare_mitigation/