Security News

The United States Cybersecurity and Infrastructure Security Agency has published the results of the Risk and Vulnerability Assessments it conducted in fiscal year 2020, revealing some of the security weaknesses that impact government and critical infrastructure organizations. CISA conducted a total of 37 RVAs, leveraging the MITRE ATT&CK framework to provide a better understanding of risks and help organizations remediate weaknesses that threat actors might abuse in live attacks to compromise network security controls.

Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems. "Several days ago, two security vulnerabilities were found in Microsoft Windows' existing printing mechanism," Yaniv Balmas, head of cyber research at Check Point, told The Hacker News.

This week, PrintNightmare - Microsoft's Print Spooler vulnerability was upgraded from a 'Low' criticality to a 'Critical' criticality. Print Spooler in a nutshell: Print Spooler is Microsoft's service for managing and monitoring files printing.

Yesterday, Microsoft released multiple Windows updates to fix the widely reported "PrintNightmare" vulnerability in the Windows Print Spooler service. According to Microsoft, this vulnerability is impacting all Windows 10 versions, including the most recent May 2021 Update and version 20H2. To deploy Microsoft's patch, you need to check for updates under Updates & Security > Windows Update and apply the latest July update, and reboot the system when prompted.

Researchers have bypassed Microsoft's emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed. "If you're using 0patch against PrintNightmare, DO NOT apply the July 6 Windows Update! Not only does it not fix the local attack vector but it also doesn't fix the remote vector. However, it changes localspl.dll, which makes our patches that DO fix the problem stop applying," tweeted the 0Patch service.

Microsoft late Tuesday pushed out an emergency patch to cover the Windows 'PrintNightmare' security flaw. The issue caused major headaches in security research circles because the exploit targets CVE-2021-1675, a vulnerability that was patched by Microsoft on June 8 and originally misdiagnosed as a low-risk privilege escalation issue.

Microsoft has released the KB5004945 emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. Windows 7 SP1 and Windows Server 2008 R2 SP1. Windows Server 2008 SP2. Security updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft.

Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability - known as "PrintNightmare" - that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. "The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system," the CERT Coordination Center said of the issue.

The password generator included in Kaspersky Password Manager had several problems. All the passwords it created could be bruteforced in seconds.

Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year. The tech giant has advised customers who manage their Azure resources using affected versions of the PowerShell task automation solution to update to versions 7.0.6 or 7.1.3.